System Tools -> Diagnostics -> Ping do not work on VPN
System Tools -> Diagnostics -> Ping do not work on VPN
The VPN tunnel is working properly but
pings (from System Tools -> Diagnostics -> Ping) do not reach devices on the other side of the VPN tunnel.
"Block Ping from WAN" is unchecked in firewall.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
VPN: IPsec
Fist router is: 192.168.1.1
Second router is: 192.168.2.1
I can ping from (diagnostic tools) 192.168.1.1 to 192.168.1.20,
but I can not from (diagnostic tools) 192.168.2.1 to 192.168.1.20.
---
I didn't have this type of problems when I used the same type of vpn on cisco routers (RV042G).
- Copy Link
- Report Inappropriate Content
Hi @sdgf
Thanks for posting in our business forum.
sdgf wrote
VPN: IPsec
Fist router is: 192.168.1.1
Second router is: 192.168.2.1
I can ping from (diagnostic tools) 192.168.1.1 to 192.168.1.20,
but I can not from (diagnostic tools) 192.168.2.1 to 192.168.1.20.
---
I didn't have this type of problems when I used the same type of vpn on cisco routers (RV042G).
I got a question. What if you try the router's default GW IP?
So, you said the tunnel is up, at least you should be able to ping the default GW IP.
Need more details about your config if you can share it. The IP area is important to learn and diagnose.
- Copy Link
- Report Inappropriate Content
IPsec working:
1 | IPSEC_0 | in | 192.168.1.0/24 <-- 192.168.2.0/24 |
2 | IPSEC_0 | out | 192.168.1.0/24 --> 192.168.2.0/24 |
When I logged on 192.168.1.1 router and ping to 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 64 data bytes
Reply from 192.168.1.1: bytes=64 ttl=64 seq=1 time=0.532 ms
Reply from 192.168.1.1: bytes=64 ttl=64 seq=2 time=0.481 ms
Reply from 192.168.1.1: bytes=64 ttl=64 seq=3 time=0.479 ms
Reply from 192.168.1.1: bytes=64 ttl=64 seq=4 time=0.542 ms
--- Ping Statistic "192.168.1.1" ---
Packets: Sent=4, Received=4, Lost=0 (0.00% loss)
Round-trip min/avg/max = 0.479/0.508/0.542 ms
but when I ping to 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 64 data bytes
Request timed out!
Request timed out!
Request timed out!
Request timed out!
--- Ping Statistic "192.168.2.1" ---
Packets: Sent=4, Received=0, Lost=4 (100.00% loss)
When I logged on 192.168.2.1 router and ping to 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 64 data bytes
Reply from 192.168.2.1: bytes=64 ttl=64 seq=1 time=0.493 ms
Reply from 192.168.2.1: bytes=64 ttl=64 seq=2 time=0.546 ms
Reply from 192.168.2.1: bytes=64 ttl=64 seq=3 time=0.473 ms
Reply from 192.168.2.1: bytes=64 ttl=64 seq=4 time=0.458 ms
--- Ping Statistic "192.168.2.1" ---
Packets: Sent=4, Received=4, Lost=0 (0.00% loss)
Round-trip min/avg/max = 0.458/0.492/0.546 ms
but when I ping to 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 64 data bytes
Request timed out!
Request timed out!
Request timed out!
Request timed out!
--- Ping Statistic "192.168.1.1" ---
Packets: Sent=4, Received=0, Lost=4 (100.00% loss)
- Copy Link
- Report Inappropriate Content
Hi @sdgf
Thanks for posting in our business forum.
Post your config of both sites. Esp these settings.
Both routers are ER650 V2 2.1.2? In standalone mode?
And your tunnel screenshot with sensitive info mosaiced.
- Copy Link
- Report Inappropriate Content
Now, both routers are ER605 V2 2.2.2.
Both standalone mode.
192.168.1.1:
192.168.2.1:
- Copy Link
- Report Inappropriate Content
Hi @sdgf
Thanks for posting in our business forum.
sdgf wrote
Now, both routers are ER605 V2 2.2.2.
Both standalone mode.
192.168.1.1:
192.168.2.1:
Do you have ACL for this? I am pretty certain that IPsec, site-to-site VPN, should be accessible to each end. But in your case, it is not. Something else must interfere with this.
What other settings do you have except for the default and VPN settings?
- Copy Link
- Report Inappropriate Content
Advanced VPN options:
- Copy Link
- Report Inappropriate Content
When I ping from 192.168.1.100 (desktop, Windows 10) to router 192.168.2.1 everything is OK.
Only diagnostic tool (router, 192.168.1.1) can not send ping to router 192.168.2.1.
- Copy Link
- Report Inappropriate Content
Hi @sdgf
Thanks for posting in our business forum.
Can you give a screenshot of the LAN interface? Would like to see the LAN interface.
Is there any ACL which I asked multiple times?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1237
Replies: 14
Voters 0
No one has voted for it yet.