If Ping is block, how can I test connection?

[hummer3331973]

I've put-up a site-to-site VPN using 2 Cisco routers. I believe I've set-up the config correctly using IPsec but why can't the ping (from the other end) reach my internal network? Is the firewall blocking it (a Watchguard is installed after the router)? How can I prove this?

Aside from ping, what other way can I check if my connection is working?

This is my first time to put up a VPN and any help is appreciated. I've reported this to the network admin but you know how some responds to newbies like me Thanks.

 

[pansophic]

If you have any services set up on the remote end of the VPN you can telnet to that socket to verify that you connect.

telnet 192.168.1.1 80

will connect you to port 80 on 192.168.1.1, which if you have a web server running will allow you to connect.

Do a google search on /etc/services to get a listing of the ports commonly used for an application.

You can use tracert to verify that the connection is actually traversing the VPN and not going across the Internet.

I am assuming that you are using Windows. If you are using *nix or Mac the tracert would be tracepath or traceroute.


pansophic

 

[RussellMcL]

I'm not totally sure but you might be able to use tracert xxx.xxx.xxx.xxx in the command prompt.

 

[pansophic]

tracert should use ICMP packets, so if ping is blocked, tracert should yeild no results either.

If you are running linux there is an application called hping that allows you to ping using TCP packets, destined for ports that are generally open.


pansophic