cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
803
Views
0
Helpful
6
Replies
Beginner

VPN site-to-site: local group can ping remote group, but remote group can't ping local group

I made an earlier post and I probably made it sound more complex than it should, hence, here is a simpler post.

I used Cisco's RV082 router and created a successful VPN tunnel connection site-to-site.

My machine in local group is able to ping any of the machines in the remote group subnet.

However, the remote group machines can only ping the local IP address assigned to the router and no other IP addresses in my local group.

What is it that I'm missing out in the configuration??? Shouldn't the local and remote groups ping each other once the tunnel is connected?

- my local group subnet is 192.168.9.0/24 and my remote group subnet is 10.0.0.0/16

 

many thanks.

ik

 

6 REPLIES 6

Hi, It's difficult to

Hi,

 

It's difficult to mitigate the problem without seeing configurations from both routers. upon your descriptions, it seems that there's no problem about tunnel itself. 

Do you have firewall on your side? 

 

Beginner

Thanks for your response

Thanks for your response Houtan.

The configurations are in the attached file(except I blacked out the static IP addresses).

The attached also will show you the access rules and the firewall settings, however, the access rules are default and I disabled the firewall and see if that worked, but the traffic was still getting blocked from the remote side into my local group IPs.

 

ik

Highlighted

Configuration in this router

Configuration in this router seems good and there is no problem.

can u check configuration on remote router? I had similar problem before because of "Local Security Type". after changing from IP to subnet problem has been solved.

 

Houtan 

Beginner

As far as I understand: you

As far as I understand: you can ping host on the remote net but hosts on the remote site can't ping hosts in your LAN.

I suppose it because of the stateful firewall i.e. it permits only returning traffic from WAN interfaces but denies all input traffic from hosts not in your LAN. (Accoding to firewall rules all traffic from WAN is blocked). Add rule for the traffic from remote site.

 

Beginner

thank you for your responses

thank you for your responses.

d_semenov2010,

 

Yes you understood correctly and your suggested solution is what I tried.

See the attached where I created a access rule where I'm letting all inbound traffic, but I still can't get the incoming traffic not being able to come into my LAN( except for the LAN IP address that is assigned to my router).

 

thanks,

ik 

Beginner

Thanks for your responses

Thanks for your responses everyone.

I got to the bottom of it.

AWS has auto-responder which requires that my local area network has to initiate the communication first in order to recognize my lan.

I think there was some type of glitch that this part was not working, but it works now.

 

thanks.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards