11-16-2014 10:50 AM - edited 03-05-2019 12:10 AM
I made an earlier post and I probably made it sound more complex than it should, hence, here is a simpler post.
I used Cisco's RV082 router and created a successful VPN tunnel connection site-to-site.
My machine in local group is able to ping any of the machines in the remote group subnet.
However, the remote group machines can only ping the local IP address assigned to the router and no other IP addresses in my local group.
What is it that I'm missing in the configuration? Shouldn't the local and remote groups be able to ping each other once the tunnel is connected?
- my local group subnet is 192.168.9.0/24 and my remote group subnet is 10.0.0.0/16
many thanks.
ik
11-16-2014 12:46 PM
Hi,
It's difficult to mitigate the problem without seeing the configurations from both routers. Based on your description, it seems that there's no problem with the tunnel itself.
Do you have a firewall on your side?
11-16-2014 04:23 PM
Thanks for your response Houtan.
The configurations are in the attached file(except I blacked out the static IP addresses).
The attachment will also show you the access rules and the firewall settings. The access rules are the defaults, and I disabled the firewall to see if that worked, but the traffic was still getting blocked from the remote side into my local group IPs.
ik
11-17-2014 12:12 AM
Configuration in this router seems good and there is no problem.
Can you check the configuration on the remote router? I had a similar problem before because of "Local Security Type". After changing it from IP to Subnet, the problem was solved.
Houtan
11-17-2014 02:35 AM
As far as I understand: you can ping hosts on the remote net, but hosts on the remote site can't ping hosts in your LAN.
I suppose it is because of the stateful firewall, i.e. it permits only returning traffic from the WAN interfaces but denies all input traffic from hosts not in your LAN. (According to the firewall rules, all traffic from the WAN is blocked.) Add a rule for the traffic from the remote site.
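Added example, not code from this thread: a small Python model of the stateful-firewall behaviour described in the reply above, using the two subnets from the question. The router's LAN address (192.168.9.1) and the host addresses are assumed values; the model tracks LAN-initiated flows, permits their return traffic, answers for the router's own address, and denies everything else from the tunnel until an explicit allow rule for the remote subnet is added.

```python
import ipaddress
from dataclasses import dataclass, field

LOCAL_LAN = ipaddress.ip_network("192.168.9.0/24")   # local group (from the question)
REMOTE_LAN = ipaddress.ip_network("10.0.0.0/16")     # remote group (from the question)
ROUTER_LAN_IP = ipaddress.ip_address("192.168.9.1")  # assumed router LAN address


@dataclass
class StatefulFirewall:
    """Toy model of a default-deny stateful firewall on the LAN side of a VPN router."""
    allow_rules: list = field(default_factory=list)   # explicit (src_net, dst_net) permits
    _flows: set = field(default_factory=set)          # connection-tracking table

    def forward(self, src: str, dst: str) -> bool:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in LOCAL_LAN:
            self._flows.add((src_ip, dst_ip))  # LAN-initiated: track it, so the reply is allowed
            return True
        if (dst_ip, src_ip) in self._flows:
            return True                        # return traffic of a tracked flow
        if dst_ip == ROUTER_LAN_IP:
            return True                        # router answers on its own LAN address (assumed)
        for src_net, dst_net in self.allow_rules:
            if src_ip in src_net and dst_ip in dst_net:
                return True                    # explicit rule for traffic from the remote site
        return False                           # unsolicited traffic from the tunnel: denied


def demo() -> dict:
    """Reproduce the symptom, then show the effect of the suggested allow rule."""
    fw = StatefulFirewall()
    results = {
        "local_to_remote": fw.forward("192.168.9.20", "10.0.5.7"),       # True
        "remote_reply": fw.forward("10.0.5.7", "192.168.9.20"),          # True (tracked flow)
        "remote_to_router": fw.forward("10.0.5.7", "192.168.9.1"),       # True (router's own IP)
        "remote_to_other_host": fw.forward("10.0.5.7", "192.168.9.30"),  # False (the symptom)
    }
    fw.allow_rules.append((REMOTE_LAN, LOCAL_LAN))  # the rule proposed in the reply
    results["remote_to_other_host_after_rule"] = fw.forward("10.0.5.7", "192.168.9.30")  # True
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```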
11-17-2014 08:32 AM
thank you for your responses.
Yes you understood correctly and your suggested solution is what I tried.
See the attachment, where I created an access rule allowing all inbound traffic, but the incoming traffic still can't come into my LAN (except for the LAN IP address that is assigned to my router).
thanks,
ik
11-18-2014 07:11 PM
Thanks for your responses everyone.
I got to the bottom of it.
AWS has an auto-responder which requires that my local area network initiate the communication first in order to recognize my LAN.
I think there was some type of glitch that this part was not working, but it works now.
thanks.