Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
661
Views
0
Helpful
3
Replies

ping vpn client from inside

mchockalingam
Level 1
Level 1

‎12-10-2007 05:47 PM - last edited on ‎02-21-2020 11:47 PM by Community Manager

Hi All,

I have the following setup for remote access

VPN concentrator public interface connected to the internet; private interface connected to the firewall dmz. The vpn clients get an ip address from the pool which is on the same subnet as the private interface.

VPN clients receive public IP. The internal network is private IP and I have no nat configured for internal network to the DMZ. VPN clients do not have any problem accessing anything. But users on the inside cannot ping the VPN client addresses. The firewall is permitting ICMP. It seems like the concentrator is blocking it. The tunnel default gateway is the DMZ interface of the firewall. The def. gateway is the external router.

Does anyone know why I am not able to ping the client IP addresses from inside?

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎12-10-2007 09:03 PM

from the concentrator itself you should be able to ping the client ip address picked up from your DMZ dhcp pool. Login to concentrator>administration>ping and try one of the clients DMZ addresses, if you cannot ping clients from concentrator it is quite posible the clients have firewall turned on in their machines.

have a client checked their firewall settings from their windows machine, if this is the case try ping from your inside net after clients turn off firewalling.

[edit] for troubleshooting you may also plug in a labtop in DMZ switch give it a static ip and try ping the client from DMZ subnet, this way you can truly rule out firewall.

HTH

Jorge

rate helpful posts

Jorge Rodriguez
0 Helpful

mchockalingam
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎12-11-2007 05:19 AM

Thanks for the reply.

I was not able to ping the clients from the concentrator. Winodws firewall was turned on one of my computers and I turned it off. That was one part of the problem.

The other part was the tunnel default gateway.

I removed the tunnel default gateway (entered 0.0.0.0 instead of the firewall dmz ip) and also unchecked the override tunnel default gateway option.

Now, I can ping the VPN clients from inside and clients can access everything that they could do as before.

I am not really sure if I created any other new problem but it does not look like it at this point.

Once again thanks for your help.

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to mchockalingam

‎12-11-2007 08:07 AM

Glad you have posted complete resolution.

Rgds

Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents