I made an earlier post and I probably made it sound more complex than it should, hence, here is a simpler post.
I used Cisco's RV082 router and created a successful VPN tunnel connection site-to-site.
My machine in local group is able to ping any of the machines in the remote group subnet.
However, the remote group machines can only ping the local IP address assigned to the router and no other IP addresses in my local group.
What is it that I'm missing out in the configuration??? Shouldn't the local and remote groups ping each other once the tunnel is connected?
- my local group subnet is 192.168.9.0/24 and my remote group subnet is 10.0.0.0/16
It's difficult to mitigate the problem without seeing configurations from both routers. upon your descriptions, it seems that there's no problem about tunnel itself.
Do you have firewall on your side?
Thanks for your response Houtan.
The configurations are in the attached file(except I blacked out the static IP addresses).
The attached also will show you the access rules and the firewall settings, however, the access rules are default and I disabled the firewall and see if that worked, but the traffic was still getting blocked from the remote side into my local group IPs.
Configuration in this router seems good and there is no problem.
can u check configuration on remote router? I had similar problem before because of "Local Security Type". after changing from IP to subnet problem has been solved.
As far as I understand: you can ping host on the remote net but hosts on the remote site can't ping hosts in your LAN.
I suppose it because of the stateful firewall i.e. it permits only returning traffic from WAN interfaces but denies all input traffic from hosts not in your LAN. (Accoding to firewall rules all traffic from WAN is blocked). Add rule for the traffic from remote site.
thank you for your responses.
Yes you understood correctly and your suggested solution is what I tried.
See the attached where I created a access rule where I'm letting all inbound traffic, but I still can't get the incoming traffic not being able to come into my LAN( except for the LAN IP address that is assigned to my router).
Thanks for your responses everyone.
I got to the bottom of it.
AWS has auto-responder which requires that my local area network has to initiate the communication first in order to recognize my lan.
I think there was some type of glitch that this part was not working, but it works now.