not able to ping

Unanswered Question
Oct 21st, 2009

hi friends,

i configured site to site vpn between two sites ,one side having cisco 2811 and the other side juniper firewall.but the tunnel is up ,but i am not able to ping the remote lan

and my sh crypto isakmp sa showing

state-QM_IDLE and active

but not able to ping

help me out

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vincent.monnier Fri, 10/23/2009 - 02:27

You should payed attention from which IP your are sending the ICMP echo request.

The source IP address of your testing packets should be in the participating networks of the IKE phase2.

For exemple :

On your 2811 use the following command

ping destination_ip_add source 2811_lan_ip_add

or

ping destination_ip_add source lan_interface_name

on your Juniper (if screenOS) use :

ping destination_ip_add from lan_interface_name

Actions

This Discussion