07-05-2010 09:39 AM
Hi,
On one of our sites we have a vlan dedicated to third party equipment and devices. We have just had a new device installed.
I can ping this device when on the network, but I get no response when I try to ping it from over a vpn connection. I can ping other devices on that network, just not this one.
And it's got me stumped. The company have stated there's nothing in the config of the device that would prevent this.
Any ideas?
07-05-2010 03:42 PM
Hi,
Is that device that you're trying to PING part of the interesting traffic (VPN traffic)?
That device has the same default gateway as the other devices that you can PING?
Are there any filters for VPN traffic that might be preventing communication with that device?
Federico.
07-13-2010 06:00 AM
Thanks Federico,
Yes it's part of interesting traffic.
Yes it has the same gateway as other pingable devices.
No there are no filters.
I've double-checked the settings on the device and it's just simple address, mask and gateway settings.
Still can't ping it. I can ping it from the firewall itself, just not when on the vpn.
Still baffled
08-06-2010 06:44 AM
Post your nat configs (sanitize if necessary). When dealing with access issues over VPN, NAT is usually the best place to start if you can connect successfully.
08-17-2010 01:46 PM
Most of the time when I see this, the issue is that the new device doesn't have a default route set, or its default route points to a router that does not have a route to the VPN.
That is, your packets get to it just fine, but its replies are either never sent, or sent to the wrong place. Look at the routing table of the un-answering device, or trt a traceroute from that device to the VPN.
Another common problem is that the device has the subnet mask set incorrectly and is ARPing when it should be using its route table or vice-versa.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: