cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1602
Views
5
Helpful
9
Replies
Beginner

Site to site VPN - can not ping from one end.

We have recently established Site to Site VPN.

The Issue is from remote end , ping is responding fine but I could not ping to remote end local network

I assume if ping is working fine from one side means VPN is okay and it is just a matter of firewall rules?

please suggest me.

9 REPLIES 9
Beginner

Hi!

Hi!


I don't know what your network scheme is, but if it is something like: compoter-A---RoterA<--->RouterB---ComputerB, and you can ping from RouterA to RouterB but not from ComputerA to COmputerB, it could be because of your firewall. Windows firewall rejects incoming ICMP packets by default. You can check if you are reciving the PING using wireshark in the ends of the network. Other cause among  hundreds could be NAT. Check carefully what traffic is going through NAT in the routers (A and B). NAT is done before IPsec cryptomaps, and that would make traffic not entering the VPN.

Beginner

Thanks

Thanks

Computer A can ping Computer B. But computer B can not ping Computer A.

I just want to make sure that it is not VPN related issue as Comp A can ping Comp B.

is not it other than VPN, may be firewall?

VIP Advocate

Is computer A a windows

Is computer A a windows machine? if yes, is the windows firewall turned off or at the very least ICMP allowed in windows firewall?

Also, check the firewall rules to see if ICMP is allowed from computer B to computer A.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to rate and select a correct answer
Beginner

Re: Hi!

Thank you, it solved my ping issue. I was scratching my head trying to figure out why one PC couldn't ping other PC. I turned firewall off and ping worked, thanks again.

Is this an ASA, or IOS based

Is this an ASA, or IOS based product? Can you share more details of your configuration?

If it is an ASA, you can use the "Packet Tracer" feature which allows you to execute a "what if" traffic scenario with detailed information on where the traffic dropped, or if it should be successfully passed through the firewall (and in what manner).

Beginner

In my end it is Cisco router

In my end it is Cisco router but other end i think Juniper

Highlighted
Beginner

Does other end have applied

Does other end have applied any inspection ?

Beginner

Thanks,

Thanks,

I am not sure, I am doing only one end.

VIP Advocate

What type of devices are used

What type of devices are used for setting up the s2s tunnel (ASA, Router).  From what device are you pinging from on your local network?  Which IP is replying to ping, is it an IP across the VPN or is it the public IP of the remote end?

Also, could you post a network diagram so we understand what devices are involved and how they are connected in relation to eachother.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to rate and select a correct answer