Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3145
Views
0
Helpful
3
Replies

Site-to-site IPSec VPN connected (2 - RV345's) but can't ping PC's in remote network

Go to solution
hlcons
Level 1
Level 1

‎10-17-2017 09:25 AM - edited ‎03-21-2019 10:57 AM

Hi -

The IPSec VPN says it's UP and Connected.  I can ping router to router, but I am unable to ping a PC/Server on the remote network.  Any suggestions??

FYI. using static IP's.

Thanks in advance,

-h

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hlcons
Level 1
Level 1
In response to hlcons

‎10-26-2017 11:38 AM

USER ERROR!

Finally got back to site A and checked configuration for static IP's (devices I was trying to ping) and realized the default gateway (192.168.1.10 - old def gw) hadn't been updated for the newly installed router (192.168.1.1)!  Everything else was using DHCP - so this slipped by me!

 

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hlcons
Level 1
Level 1

‎10-18-2017 12:25 AM

OK after doing a little more troubleshooting.  I discovered I can successfully ping (from remote router) a remote PC after disabling it's (the PC's MS Windows firewall) firewall (or adding 'ICMP Echo Request' rule to the firewall).

I was under the impression that the IPSec VPN would "allow a remote host to act as if it were on the same LAN.", so there would be no need to add rules to the firewall.  Is this an incorrect assumption?

 

Also, trying a traceroute from router on the same 'pingable' PC - just hangs!

 

 

0 Helpful

Go to solution
raluani
Cisco Employee
Cisco Employee
In response to hlcons

‎10-19-2017 02:33 AM

Hello,
My name is Rozana and i am an engineer from the Small Business Team.

In the IPsec tunnels, the traffic is passed from 1 LAN to the other, but the IP addressing remains the same. Once you enter the remote LAN, the IP address is not being changed.

The connection between the 2 WANs is encrypted along the way, and the traffic from the remote network is being allowed to pass through the RVs firewall.

That is why you need to turn off the ICMP firewall rules in the machines, as you are in fact reaching the device from a different subnet, and the device firewall is blocking remote ICMP requests.

If you use other services, you can allow only them in the servers firewall - for example if you have a Web server, you can allow access from remote networks on the firewall, only for that service.

Regards.

0 Helpful

Go to solution
hlcons
Level 1
Level 1
In response to hlcons

‎10-26-2017 11:38 AM

USER ERROR!

Finally got back to site A and checked configuration for static IP's (devices I was trying to ping) and realized the default gateway (192.168.1.10 - old def gw) hadn't been updated for the newly installed router (192.168.1.1)!  Everything else was using DHCP - so this slipped by me!

 

 

 

0 Helpful
Customers Also Viewed These Support Documents