vpn tunnel is up, destination host unreachable

bericaleb · ‎09-10-2007

We're (us & our consultants)able to see others end of the tunnel but they (consultants) are not able to reach the hosts they're after. What could have gone wrong as it use to work before. We've never done any changes to the firewall settings? What kind of a problem is this and how do I resolve it if it's firewall related? Note that the hosts the clients are trying to reach up and PINGable.

bericaleb · ‎09-10-2007

Please help. My query is posted above. The VPN tunnel is up. I can see my peer. But the hit counts to my internal hosts are on 0. My consultants can't access these hosts. Where do you think the problem will be? Is it on the firewall, routing or the hosts themselves? Please help!

rtrunk · ‎09-10-2007

It's hard to diagnose without some configs, but I DO NOT recommend posting your configs here.

My suggestion is to turn on logging on the client and your firewall (PIX, ASA or ?). You might get a clue if the firewall is dropping packets. Otherwise, I would suspect a routing problem.

Here are my questions:

Are you using split-tunneling? Do the hosts have a route back to the VPN users? Are there some ACLs on the inside interface of the firewall? Do you see the client traffic on the next hop router after the firewall?

Ron

acomiskey · ‎09-10-2007

You can post your configs, just remove passwords, public ip's etc.