[vpn-help] Can't ping some IP addresses behind VPN

mikelupo at aol.com mikelupo at aol.com
Fri Sep 3 20:58:40 CDT 2010


Hi Matthew et al.,
I have a Netgear FVS318G VPN router. I can connect to it using Shrew 2.1.6 (latest released version).
Iked.log is attached.

Once I make my connection, I can ping the VPN's local internal address on the remote network (192.168.1.1). I even confirm that https://192.168.1.1:8080 will render the VPN admin console. So this confirms that I'm really reaching the VPN on the remote LAN. 
I cannot, however, ping devices that I know are running in the LAN beyond the gateway. It seems my packets are being dropped. I can confirm these target addresses are pingable using the Netgear VPN admin console diagnostics (i.e. 192.168.1.7).
In the VPN Trace utility, I see only two SAs (Mature ESP types). Both show positive traffic flow.

Topology:
VPN Local network side: 192.168.1.0/24
Mode Config address pool: 192.168.2.50 - 100
Local LAN: 10.0.0.0/24

I figure, Matt, you'd want to know this for the Policy Tab.
Policy Generation Level = Auto
s:policy-list-include:192.168.1.0 / 255.255.255.0

Does my iked log give any hints?

Thanks in advance,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked.log
Type: text/richtext
Size: 90249 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100903/5d165921/attachment-0001.rtx>

