
Unable to access network devices after successful VPN

bipot
Level 1

We've successfully VPN'd into the other domain, but we're unable to access the devices in that domain. What could be wrong?

5 Replies

Fernando_Meza
Level 7

Hi ... are you connecting using the Cisco VPN client or a LAN-to-LAN VPN? There are a few things you need to check in this type of situation.

1.- The devices terminating the VPN support NAT traversal and it is enabled.

2.- Make sure there are no access-lists that could be blocking this communication.

3.- Make sure that the networks behind each VPN gateway know how to route to each other.

I hope it helps ... please rate it if it does !!!

Hi

I've done all the steps above but I'm still unable to access or ping the devices.

Please help.

bax.

Hey there,

This seems like a routing problem to me. Do a traceroute from your site to the new site and see where it goes, then do a trace from the new site back to you and see where that goes.

If it goes in the right direction, then have a look to see if the traffic is permitted down the tunnel, etc.

Happy hunting!

Regards,

LH

Please rate all posts

Hi there

If I have to do a traceroute from my site, it will be the site I VPN successfully to. I VPN in OK, but I can't access the devices within this new site. And the trace will be on the same site I'm on through the VPN client.

Or do you mean to trace from this public network I'm on to the private test network?

I don't seem to understand your statement; please explain further.

Regards.

BIC.

Hi there,

If you can't access the other site, there could be a couple of reasons. The traffic that you are sending might not be in the allowed traffic list, you might not be routing to it, or it might not be routing back.

To test the routing, do a traceroute and see if it heads off to the new site as you would expect and see if it gets there or if/where it stops. You will also need to check that the remote site knows how to get back to you. For this, do the same traceroute from the remote site.

To test the allowed traffic, have a look at the node you've got the VPN set up on and make sure that your traffic is in the allowed/no-NAT list.

Regards,

LH

Please rate all posts
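
The three checks listed in the reply above (routing to the remote network, the allowed/no-NAT list, and routing back), modelled as an added example that is not part of the original thread. All addresses, route tables and the `diagnose` helper are constructed for illustration and do not come from any device in the thread.

```python
import ipaddress as ip

def lookup(routes, dst):
    """Longest-prefix match; routes is a list of (prefix, next_hop) pairs."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(p), nh) for p, nh in routes if dst in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def permitted(acl, src, dst):
    """True when some (src_net, dst_net) entry covers the client-to-host flow."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(a) and d in ip.ip_network(b) for a, b in acl)

def diagnose(client, host, client_routes, tunnel_acl, host_routes, vpn_gw):
    """Return the first of the three failure causes that applies, else 'ok'."""
    if lookup(client_routes, host) != "tunnel":
        return "client is not routing to the remote network through the tunnel"
    if not permitted(tunnel_acl, client, host):
        return "traffic is not in the allowed/no-NAT list on the VPN device"
    if lookup(host_routes, client) != vpn_gw:
        return "remote host's return route does not point at the VPN gateway"
    return "ok"

# Constructed sample topology (hypothetical values)
CLIENT = "10.99.0.10"      # address handed to the VPN client
HOST = "192.168.50.20"     # device behind the VPN gateway
VPN_GW = "192.168.50.1"    # inside address of the VPN gateway
CLIENT_ROUTES = [("0.0.0.0/0", "local-isp"), ("192.168.50.0/24", "tunnel")]
TUNNEL_ACL = [("10.99.0.0/24", "192.168.50.0/24")]
# Host only has a default route via a different router: replies never reach the tunnel.
HOST_ROUTES_BAD = [("0.0.0.0/0", "192.168.50.254")]
HOST_ROUTES_OK = HOST_ROUTES_BAD + [("10.99.0.0/24", VPN_GW)]

if __name__ == "__main__":
    print(diagnose(CLIENT, HOST, CLIENT_ROUTES, TUNNEL_ACL, HOST_ROUTES_BAD, VPN_GW))
    print(diagnose(CLIENT, HOST, CLIENT_ROUTES, TUNNEL_ACL, HOST_ROUTES_OK, VPN_GW))
```

The first call shows the case where the tunnel is up and the client side is correct, yet pings fail because the remote host sends replies to a router that has no path back to the client pool.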
