IPSec SA Established, but ping only works one way

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-07-04 10:38:27 - last edited 2022-08-08 07:42:15
Tags: #VPN
Model: ER7206 (TL-ER7206)  

Hello,

I have an IPSec tunnel established between my TPLink Omada router ER7206 and a CHR Mikrotik server.
After IPSec was established between the two, at first they could not ping each other.
Then I added routing on the CHR Mikrotik, so now the CHR Mikrotik can ping the TPLink router and PCClient1's local IP. But not the other way: from TPLink to Mikrotik it is RTO.

So far, this is my progress. I can also ping from PCClient1 to the CHR Mikrotik local IP.

Other than the routing on the Mikrotik CHR, there is no firewall / NAT setup on either router.
Please help me. I'm still new to this subject.

Re:IPSec SA Established, but ping only works one way
2022-07-04 20:32:30

@michael_antony

On the TPLINK add a 'Policy Route' for 'Private Networks' via the VPN (L2TP.xxxx) instead of the WANx port.

<< Paying it forward, one juicy problem at a time... >>
Re:IPSec SA Established, but ping only works one way
2022-07-05 04:09:07

Hi @d0ugmac1,

I added the policy routing on my TPLink router like this:

But ping to the CHR Mikrotik still does not succeed.

Re:IPSec SA Established, but ping only works one way
2022-07-05 12:43:33
You forgot part 2 of my sentence... change the WAN to the Tunnel (so below Destination IP, use the pulldown to see if your VPN tunnel is an option instead of WAN).
<< Paying it forward, one juicy problem at a time... >>