[vpn-help] Can't ping some IP addresses behind VPN

mikelupo at aol.com mikelupo at aol.com
Mon Sep 6 06:48:15 CDT 2010


Hi, thanks for the reply.
This makes very good sense for the Windows machines behind the VPN, but the thrust of my work is to enable a VPN user to monitor a DVR video security system.
It's a hardware device with no firewall software at all on it.

What I've learned since my original post is that the results are inconsistent. Sometimes when I connect, I can get to the device (ping, browser, etc.); other times, I cannot... Yet the device is still pingable via the Diagnostics page on the VPN Web Console. When I can ping it from my remote location, I can connect to it and view the cameras. When I cannot ping it, I cannot connect to it... confirming that when there is no ping, no other services are available.
When I can't get to the device, I look to see if I still have my SAs. And yes, I do. So this is a bewildering problem... sigh.

Suspicions:
Netgear came out with a new firmware in August... so maybe I'll try putting that into the device today.
My other slightly suspicious thing is the Shrewnet client, as I've begun using the 2.1.7 beta for a few days now.


Regards,
Mike

-----Original Message-----
From: Michal Wegrzyn <Michal at comfortel.pl>
To: vpn-help at lists.shrew.net
Sent: Mon, Sep 6, 2010 3:07 am
Subject: Re: [vpn-help] Can't ping some IP addresses behind VPN



Hi Mike,
 
Disable Firewall on devices and check pings.
By default, Windows only responds on the same subnet, while in VPN ModeConfig you have a different subnet, so Windows drops your packets.
 
Regards,
 Michal

----- Original Message ----- 
From: mikelupo at aol.com 
To: vpn-help at lists.shrew.net 
Sent: Saturday, September 04, 2010 3:58 AM
Subject: [vpn-help] Can't ping some IP addresses behind VPN


Hi Matthew et al.,
I have a Netgear FVS318G VPN router. I can connect to it using Shrew 2.1.6 (latest released version).
Iked.log is attached.
 
Once I make my connection, I can ping the VPN's local internal address on the remote network (192.168.1.1). I even confirm that https://192.168.1.1:8080 will render the VPN admin console. So this confirms that I'm really reaching the VPN on the remote LAN. 
I, however, cannot ping devices that I know are running in the LAN beyond the gateway. It seems my packets are being dropped. I can confirm these target addresses are pingable using the Netgear VPN admin console diagnostics (i.e. 192.168.1.7).
In the VPN Trace utility, I see only two SAs (Mature ESP types). Both show positive traffic flow.
 
Topology:
VPN Local network side: 192.168.1.0/24
Mode Config address pool: 192.168.2.50 - 100
Local LAN: 10.0.0.0/24
 
I figure Matt, you'd want to know this for the Policy Tab.
Policy Generation Level = Auto
s:policy-list-include:192.168.1.0 / 255.255.255.0

Does my iked log give any hints?
 
Thanks in advance,
Mike


_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help


