RV120W and VPN

I have successfully created an IPsec connection with a remote gateway using my RV120W, which is installed in my office. From a PC that belongs to the remote network I can ping any machine in my local network, but I cannot do the opposite. Is there a specific configuration that I have to do so that I can ping PCs on the other side of the VPN tunnel?


rmanthey
Level 4

When troubleshooting VPNs, I use the following steps.

  • Is the tunnel state connected?
  • If it is connected, can you ping the internal IP address of the remote router? (Check to make sure the VPN is connected; the local and remote IP address subnets must be different.)
  • If you can ping the remote router, then the tunnel is up. Check the following:
    • Ping a non-Windows device like a switch or possibly a printer. Printers will sometimes not respond back.
    • If you can ping other devices on the inside of your network but not your Windows machines, look at the Windows firewall or other security software.
    • If you can't ping anything, check the default gateway address on the remote side. Make sure it is pointing back to the VPN router.

Some of our devices have built-in packet capture software, but you can use Wireshark to do the same. Generally we will see the ICMP request but no reply coming back from the workstations. By default a domain workstation will only respond to a member of the same subnet. This is part of the GPO of the domain. I hope this helped...

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security
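The capture check described in the reply above (ICMP request seen, no reply coming back), as an added example that is not part of the original post: it pairs echo requests with replies in tcpdump-style text and reports flows whose pings went unanswered, noting whether the sender sits outside the target's subnet. The capture lines, the addresses and the /24 prefix are constructed sample values, and `unanswered_pings` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not from the thread); addresses are sample values.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.1.10 > 10.254.1.1: ICMP echo request, id 4242, seq 1, length 64
12:00:02.000100 IP 192.168.1.10 > 10.254.1.1: ICMP echo request, id 4242, seq 2, length 64
12:00:03.000200 IP 10.254.1.1 > 192.168.1.10: ICMP echo request, id 77, seq 1, length 64
12:00:03.000900 IP 192.168.1.10 > 10.254.1.1: ICMP echo reply, id 77, seq 1, length 64
12:00:04.000300 IP 192.168.1.10 > 192.168.1.20: ICMP echo request, id 4243, seq 1, length 64
12:00:04.000800 IP 192.168.1.20 > 192.168.1.10: ICMP echo reply, id 4243, seq 1, length 64
"""

LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_pings(capture_text, prefix_len=24):
    """Return {(src, dst): {"sent", "lost", "cross_subnet"}} for flows with lost pings."""
    requests = {}  # (src, dst, id, seq) -> True once the matching reply is seen
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore non-ICMP-echo lines
        src, dst, ident, seq = m["src"], m["dst"], int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            requests[(src, dst, ident, seq)] = False
        else:
            key = (dst, src, ident, seq)  # a reply travels in the reverse direction
            if key in requests:
                requests[key] = True
    flows = defaultdict(lambda: {"sent": 0, "lost": 0})
    for (src, dst, _, _), answered in requests.items():
        flows[(src, dst)]["sent"] += 1
        flows[(src, dst)]["lost"] += 0 if answered else 1
    report = {}
    for (src, dst), stats in flows.items():
        if stats["lost"]:
            # Assumed prefix length; a sender outside the target's subnet is the
            # case where a host firewall limited to the local subnet stays silent.
            net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
            stats["cross_subnet"] = ipaddress.ip_address(src) not in net
            report[(src, dst)] = stats
    return report

if __name__ == "__main__":
    for (src, dst), s in unanswered_pings(SAMPLE_CAPTURE).items():
        where = "different subnet" if s["cross_subnet"] else "same subnet"
        print(f"{src} -> {dst}: {s['lost']}/{s['sent']} unanswered ({where})")
```

Run it against captures taken at both ends: requests that appear at the sender but never at the target point to routing, NAT or tunnel policy, while requests that reach the target and get no reply point to the host's firewall.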

Dear Randy,

Thank you very much for your reply.

Actually I was not very detailed with my previous post. To be more specific, I am not the administrator of the remote gateway, as it belongs to my mobile service operator. I have requested to establish this VPN connection in order to have access to a specific subnet of their network. So, from a PC having an IP that belongs to this subnet I can ping everything in my local network. The problem is that I cannot ping IPs that belong to this subnet from my local network, despite the fact that we have successfully established a VPN connection. The tunnel connection is definitely up. I can see the traffic in the IPsec connection status page of my router.

I have communicated with them and they have given the following instructions and said that the configuration of their side is ok.

1.    The port and protocols below should be open for the communication between the two IPSec devices: Protocol 17 (UDP) port 500 (IKE ISAKMP), Protocol 50 (ESP) port any, Protocol 51 (AH) port any, Protocol 17 (UDP) port 10000

2.    Routing: The private remote subnet (Mobile users subnet) should be routed to the internet.

3.    LAN to LAN access: Communication between the two private subnets should be allowed also in the outer public interface of the IPSec peers.

4.    NAT : NAT should be prohibited for the communication between the two remote LANs.

The problem is that I am not sure if I implement these instructions correctly in the RV120W. Especially the last one! Could you please provide some help?

Thanks again in advance

If the tunnel is established can you ping the inside IP address of the remote router?

---------

If the tunnel is established, can you ping from the a network to the b.1 IP? Can they ping you? When troubleshooting VPNs it is difficult if you don't administer both sides. To properly troubleshoot we would need the configuration from both routers and a network topology.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

I would like to apologize for not being precise. To be more specific we have requested from our mobile operator company to connect through VPN some remote laptops that use their mobile internet service with our local network in our office. I have no access to their network but we have come to an agreement about the settings and managed to establish a VPN tunnel. The network topology looks like this:

--- - VPN Tunnel>---------< subnet 10.254.b.x (private pcs with mobile internet, this is static and assigned especially for this connection )>

They have routed traffic from 10.254.b.x through the VPN tunnel to our local network. As a result from 10.254.b.1 I can ping everything in my local network.  But when I ping 10.254.b.1 from my local network, I get no answer. How can I route traffic from 192.168.a.1 to 10.254.b.x through the established VPN connection? I have been told to open routing and access to the 10.254.b.x subnet and prohibit NAT. They have done the same for my local 192.168.a.x.

Thanks once again for your help.

Is 10.254.b.1 a device on the opposite side? Can they ping it on their side? By default, when you set up a VPN tunnel it should pass all traffic from the internal source subnet to the remote subnet. To verify more I may need to see the configuration and the logs. Would this be possible?

Thanks,