
Site to site VPN - can not ping from one end.

imstha001
Level 1

We have recently established a site-to-site VPN.

The issue is: from the remote end, ping is responding fine, but I could not ping the remote end's local network.

I assume that if ping is working fine from one side, it means the VPN is okay and it is just a matter of firewall rules?

Please advise.

9 Replies

gm2300061
Level 1

Hi!


I don't know what your network scheme is, but if it is something like ComputerA---RouterA<--->RouterB---ComputerB, and you can ping from RouterA to RouterB but not from ComputerA to ComputerB, it could be because of your firewall. Windows firewall rejects incoming ICMP packets by default. You can check whether you are receiving the ping by using Wireshark at the ends of the network. Another cause, among hundreds, could be NAT. Check carefully what traffic is going through NAT in the routers (A and B). NAT is done before IPsec crypto maps, and that would keep traffic from entering the VPN.

Thanks

Computer A can ping Computer B. But Computer B cannot ping Computer A.

I just want to make sure that it is not a VPN-related issue, as Comp A can ping Comp B.

Isn't it something other than the VPN, maybe the firewall?

Is computer A a Windows machine? If yes, is the Windows firewall turned off, or at the very least is ICMP allowed in Windows firewall?

Also, check the firewall rules to see if ICMP is allowed from computer B to computer A.

--

Please remember to select a correct answer and rate helpful posts


Thank you, it solved my ping issue. I was scratching my head trying to figure out why one PC couldn't ping the other PC. I turned the firewall off and ping worked, thanks again.

Bryan McFarlane
Level 1

Is this an ASA, or IOS based product? Can you share more details of your configuration?

If it is an ASA, you can use the "Packet Tracer" feature which allows you to execute a "what if" traffic scenario with detailed information on where the traffic dropped, or if it should be successfully passed through the firewall (and in what manner).

On my end it is a Cisco router, but the other end, I think, is Juniper.

MANI .P
Level 1

Has the other end applied any inspection?

Thanks,

I am not sure, I am doing only one end.

What type of devices are used for setting up the s2s tunnel (ASA, router)? From what device are you pinging on your local network? Which IP is replying to ping: is it an IP across the VPN, or is it the public IP of the remote end?

Also, could you post a network diagram so we understand what devices are involved and how they are connected in relation to each other?

--

Please remember to select a correct answer and rate helpful posts
