Can't ping a device over the VPN

Unanswered Question
Jul 5th, 2010
User Badges:


On one of our sites we have a vlan dedicated to third party equipment and devices. We have just had a new device installed.

I can ping this device when on the network, but I get no response when I try to ping it from over a vpn connection. I can ping other devices on that network, just not this one.

And it's got me stumped. The company have stated there's nothing in the config of the device that would prevent this.

Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Mon, 07/05/2010 - 15:42
User Badges:
  • Green, 3000 points or more


Is that device that you're trying to PING part of the interesting traffic (VPN traffic)?

That device has the same default gateway as the other devices that you can PING?

Are there any filters for VPN traffic that might be preventing communication with that device?


Charles Rayer Tue, 07/13/2010 - 06:00
User Badges:

Thanks Federico,

Yes it's part of interesting traffic.

Yes it has the same gateway as other pingable devices.

No there are no filters.

I've double-checked the settings on the device and it's just simple address, mask and gateway settings.

Still can't ping it. I can ping it from the firewall itself, just not when on the vpn.

Still baffled

Antonio Knox Fri, 08/06/2010 - 06:44
User Badges:
  • Silver, 250 points or more

Post your nat configs (sanitize if necessary).  When dealing with access issues over VPN, NAT is usually the best place to start if you can connect successfully.

Phillip Remaker Tue, 08/17/2010 - 13:46
User Badges:
  • Cisco Employee,

Most of the time when I see this, the issue is that the new device doesn't have a default route set, or its default route points to a router that does not have a route to the VPN.

That is, your packets get to it just fine, but its replies are either never sent, or sent to the wrong place.  Look at the routing table of the un-answering device, or trt a traceroute from that device to the VPN.

Another common problem is that the device has the subnet mask set incorrectly and is ARPing when it should be using its route table or vice-versa.


This Discussion