Business Community > Routers > IPSec SA Established, but ping only works one way
< Routers

IPSec SA Established, but ping only works one way

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

IPSec SA Established, but ping only works one way

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IPSec SA Established, but ping only works one way
IPSec SA Established, but ping only works one way
2022-07-04 10:38:27 - last edited 2022-08-08 07:42:15
Tags: #VPN
Model: ER7206 (TL-ER7206)  
Hardware Version:
Firmware Version:

Hello,

I have an IPSec tunnel established within my TPLink Omada router ER7206, and CHR Mikrotik server.
After IPSec is established between those two, at first they cannot ping to each other.
Then I added routing on the CHR Mikrotik, so now the CHR Mikrotik can ping to TPLink router and PCClient1 local IP. But not the other ways, from TPLink to Mikrotik is RTO.

So far, this is my progress. I also can ping from PCClient1 to CHR Mikrotik local IP.

Other than routing on Mikrotik CHR, there is no firewall / NAT setup on both of routers.
Please help me. I'm still new to this subject.

  0      
 
  0      
 
#1
Options
3 Reply
Re:IPSec SA Established, but ping only works one way
2022-07-04 20:32:30

  @michael_antony 

 

On the TPLINK add a 'Policy Route' for 'Private Networks' via the VPN (L2TP.xxxx) instead of the WANx port.

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#2
Options
Re:IPSec SA Established, but ping only works one way
2022-07-05 04:09:07

Hi  @d0ugmac1 ,

 

I added the policy routing on my TPLink router like this:

But still ping is not success to CHR mikrotik.

  0  
  0  
#3
Options
Re:IPSec SA Established, but ping only works one way
2022-07-05 12:43:33
You forgot part 2 of my sentence.... change the WAN to the Tunnel (so below Destination IP, use the pulldown to see if your VPN tunnel is an option instead of WAN)
<< Paying it forward, one juicy problem at a time... >>
  4  
  4  
#4
Options

Information

Helpful: 0

Views: 1592

Replies: 3

Tags

VPN
Related Articles
Allow new connection one way, block new connections the other way. (between vlans)
2978 1
ER7206 IPSEC Site-to-Site - no incoming traffic
403 0
setting up er7206 with ipsec vpn and access control
345 0
Site to Site VPN with traffic/access in only one direction
884 0
 NAT 1to1 and VPN IPSEC
213 0
ER7206 L2TP tunnel EAP standalone fails to open browser but it responds to ICMP ping
441 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.