Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN tunnel ok, but can't ping PC

Status
Not open for further replies.
Posibrain

Posibrain

Technical User
Mar 23, 2004
5
0
0
PR
Hi to all!
This is driven me crazy, everything was working fine until last friday. My setup is two ofice connected by VPN with BEFVP41 and BEFSX41. Since last friday the VPN log show that the offices LAN are connected but, I can't ping any of the computers from either side. No changes were made to the network/routers, the tunnel creation aparenly is reliable, but no data is going thru.

The setup is this:
Main location: 5 PC Win XP Pro, BEFVP41,Cable Modem 512k
Local Sec Grp : Subnet 192.168.2.0
Mask 255.255.255.0
Remote Sec Grp: Subnet 192.168.3.0
Mask 255.255.255.0
Remote Sec.Gtw: Any

WAN IP: 69.79.16.181
Sub Mask: 255.255.255.0

Remote location: 1 PC Win XP Pro, BEFSX41, DSL 512k
Local Sec Grp : Subnet 192.168.3.0
Mask 255.255.255.0
Remote Sec Grp: Subnet 192.168.2.0
Mask 255.255.255.0
Remote Sec.Gtw: 69.79.16.181

WAN IP: 66.50.247.124
Sub Mask 255.255.255.248

Netbios Broacast and Keep-alive is enable in both routers.
Any ideas? Can any changes made by my ISP's affect my VPN tunnel data flow?

Thank in advance

Jorge Carmona


 
Sort by date Sort by votes
I’m no expert but I heard that through VPN the firewall disallows pinging even if you have successful connection

Good luck
 
Upvote 0 Downvote
have you checked if the appropriate static routes have been created?

And pinging IS possible through a VPN tunnel. It depends on if the router that manages the tunnel allows or disallows pinging in its filtering rules. So you should also check that.
 
Upvote 0 Downvote
Posibrain,

I'm guessing the router web interface shows the tunnels up is why you're saying that the tunnel is reliable. What happens if you start a -t ping through the tunnel, then go to the web interface and hit the "disconnect" button on the VPN page? Does the screen refresh and your ping start going through? Here are a few things you might try...

Manually set the MTU to 576
Disable all firewall options
Re-enable each firewall option one at a time
Make sure Phase 1 and 2 lifespans for IPSec are the same

Post back with an update.
 
Upvote 0 Downvote
Gacollier,

I implement all your sugestion with no luck. In the initial installation one month ago, I use mostly defaults parameters and everything works fine even the ping works.

 
Upvote 0 Downvote
Posi,

What happens when you try to ping the LAN IP address of the VPN router instead of the PC IP's?
 
Upvote 0 Downvote
Gacollier

Request time out the same. Today I spoke with the ISP's and Linkys support with no luck.

Jorge
 
Upvote 0 Downvote
If it all worked fine when U set it up at first, then i suggest you give the router a hard reset (reset to defaults) and set up the tunnel from scratch and see if that works. If it doesn't that would mean your router isn't functioning properly....
 
Upvote 0 Downvote
Dyadmin's right... your main site should have a remote gateway of 66.50.247.124.
 
Upvote 0 Downvote
Gentlemen’s ,

Resetting the routers to factory defaults was my first troubleshooting move (like pmf71 said). I configure the routers from scratch. The routers connect but the ping command gives me “Request time out.” This morning I configure the remote gateway IP on the main site (like Dyadmin said), with the same result: The routers establish the tunnel but, I can see the remote site” My main application for this setup is to use WinXP Remote desktop to connect one remotely PC to another in the main site. Like I said, until last Friday everything was working fine with the configuration I wrote in the beginning of the thread.

Thanks for the suggestions

Jorge
 
Upvote 0 Downvote
Hi!
Today I use the configuration described on this page:


The two routers connect and I can ping the PC from one side to other. This prove that the routers are ok. I use the ping command with the -t option for about two hours with each PC pinging the other with no missing transmition.
Is posible that my problem is with the ISP? Any ideas?

BTW, thanks to the people of TomsNetworking for this easy setup to test routers.

Jorge
 
Upvote 0 Downvote
Jorge,

I'm wondering if your ISP has introduced or changed the routing to introduce a NAT device somewhere through the network. AH might be getting screwed up as it passes through the NAT device and the VPN device on the end of the tunnel is discarding packets. The tunnel might stay up and appear solid, but since the hashed IP header is tampered with (because of the NAT device) your VPN appliance just discards all packets. Have you tried to contact your ISP and see if they've made any changes?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

F
  • Question
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
0
Views
1K
FrankSider12
F
teknance
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
306
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Question
Best vpn safe and fast
Replies
4
Views
198
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
169
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
128
Joon Smith
Joon Smith

Part and Inventory Search

Sponsor

Back
Top