ping vpn client from inside

Unanswered Question
Dec 10th, 2007

Hi All,

I have the following setup for remote access

VPN concentrator public interface connected to the internet; private interface connected to the firewall dmz. The vpn clients get an ip address from the pool which is on the same subnet as the private interface.

VPN clients receive public IP. The internal network is private IP and I have no nat configured for internal network to the DMZ. VPN clients do not have any problem accessing anything. But users on the inside cannot ping the VPN client addresses. The firewall is permitting ICMP. It seems like the concentrator is blocking it. The tunnel default gateway is the DMZ interface of the firewall. The def. gateway is the external router.

Does anyone know why I am not able to ping the client IP addresses from inside?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Mon, 12/10/2007 - 21:03

from the concentrator itself you should be able to ping the client ip address picked up from your DMZ dhcp pool. Login to concentrator>administration>ping and try one of the clients DMZ addresses, if you cannot ping clients from concentrator it is quite posible the clients have firewall turned on in their machines.

have a client checked their firewall settings from their windows machine, if this is the case try ping from your inside net after clients turn off firewalling.

[edit] for troubleshooting you may also plug in a labtop in DMZ switch give it a static ip and try ping the client from DMZ subnet, this way you can truly rule out firewall.

HTH

Jorge

rate helpful posts

mchockalingam Tue, 12/11/2007 - 05:19

Thanks for the reply.

I was not able to ping the clients from the concentrator. Winodws firewall was turned on one of my computers and I turned it off. That was one part of the problem.

The other part was the tunnel default gateway.

I removed the tunnel default gateway (entered 0.0.0.0 instead of the firewall dmz ip) and also unchecked the override tunnel default gateway option.

Now, I can ping the VPN clients from inside and clients can access everything that they could do as before.

I am not really sure if I created any other new problem but it does not look like it at this point.

Once again thanks for your help.

Actions

This Discussion