Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1348
Views
0
Helpful
3
Replies

RV042 VPN Tunnel Established - Can ping routers across tunnel, not CPU's

silvrrwulf
Level 1
Level 1

‎09-30-2013 12:18 PM

Hi All.  Looking to answer a burning question, and see how/ why I cannot ping (or see)  system across the VPN tunnel although I can ping routers from across the tunnel.  The tunnels are connected and established, and they remain up.  From both sites, I have this enabled.

advanced ip pic.PNG

I also have this enabled, static routes, pointing at each other: (in the pic below, the router at Site #2 at 192.168.0.x is pointing to 192.168.1.x)

advanced routing.PNG

Block wan request is disabled on the firewall on both routers.  Still, if I'm on the network at site #2, I cannot ping any of the machines at Site #1, even though I can ping the routers interal address at site #1).

I have upgraded to th elatest firmware on both routers.

As you can see, I'm trying just about everything - Any advice would be sincerely appreciated, as the entire idea is to brige the offices.  Thanks so much!

~Lance

Labels:
0 Helpful
3 Replies 3

OmerTatar
Level 1
Level 1

‎10-01-2013 11:56 PM

Hi Lance,

you should post the IP info from WAN interfaces on boot routers. Don't use Compres option if you really don't need it. You don't need routing do be able to ping from network at site#1 to network at site#2. If your WAN interfaces have public IP address, then you don't need to turn on the option NAT Traversal. When you chek all this, then check that machines on both networks have default gateway set to LAN IP address of corresponding router, or have a route to other site's network accross LAN IP address of corresponding router (e.g. machines in site#1 should have default gateway or route to 192.168.0.0/24 accross 192.168.1.1 and vice versa).

Good Luck,

Omer

0 Helpful

silvrrwulf
Level 1
Level 1
In response to OmerTatar

‎10-02-2013 05:13 AM

Mr. Omar,

Thanks so, so much for your time!  Where would I make sure each router has a default gateway to the other one?

Again, I really appreciate the assistance.  I set these up fairly often, but haven't run into a situation like this where I'm having trouble pinging acorss an established tunnel.  Never run into this before : (.

Thanks!

~Lance

0 Helpful

OmerTatar
Level 1
Level 1
In response to silvrrwulf

‎10-02-2013 06:49 AM

Hi Lance,

that is done by default...when packet enters router's LAN port and that packet is destinated to remote local network, the packet is tunneld through established tunnel. You just make sure that machines that is sending echo request has a route to other network through VPN router, and that machine that is being "pinged" has a route to origination network  through its side VPN router...

Your situation is this:

Site#1(192.168.1.0/24)-------->VPN#1======Tunnel=======VPN#2---------->Site#2(192.168.0.0/24)

So machine on site#1 should have a route: 192.168.0.0/24 over 192.168.1.1 (assuming that 192.168.1.1 is LAN IP of the VPN router on site#1)

Machine on site#2 should have a route: 192.168.1.0/24 over 192.168.0.1 (assuming that 192.168.0.1 is LAN IP of the VPN router on site#1)

Good Luck,

Omer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents