[vpn-help] FVS338 tunnel established but can't ping remote IP's/SSH/DNS etc.
David Borges
david.borges at skitter.tv
Wed Jan 12 12:49:26 CST 2011
Matthew,
I did the same test:
dborges at dborges-ThinkPad-R400:/etc$ ping 10.1.1.4
PING 10.1.1.4 (10.1.1.4) 56(84) bytes of data.
^C
--- 10.1.1.4 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5039ms
# tcpdump -i em1 icmp
tcpdump: listening on em1, link-type EN10MB
13:47:30.829183 10.1.2.150 > 10.1.1.4: icmp: echo request (DF)
13:47:31.852639 10.1.2.150 > 10.1.1.4: icmp: echo request (DF)
13:47:32.863883 10.1.2.150 > 10.1.1.4: icmp: echo request (DF)
13:47:33.852069 10.1.2.150 > 10.1.1.4: icmp: echo request (DF)
13:47:34.860073 10.1.2.150 > 10.1.1.4: icmp: echo request (DF)
13:47:35.867949 10.1.2.150 > 10.1.1.4: icmp: echo request (DF)
As you can see tcpdump shows packets being received from 10.1.2.150
which is my vpn remote client.
Thank you,
On Wed, 2011-01-12 at 11:46 -0600, Matthew Grooms wrote:
> On 1/12/2011 9:50 AM, David Borges wrote:
> > 2011 Jan 12 10:42:41 [FVS338] [IKE] IPsec-SA established[UDP encap
> > 4500->4500]: ESP/Tunnel xx.yy.216.191->x.yy.57.73 with
> > spi=236260712(0xe150d68)_
> > 2011 Jan 12 10:42:41 [FVS338] [IKE] IPsec-SA established[UDP encap
> > 4500->4500]: ESP/Tunnel x.yy.57.73->xx.yy.216.191 with
> > spi=179647494(0xab53406)_
>
> David,
>
> It says an IPsec SA has been established. Since this is a Linux client
> host, have you read the following post?
>
> http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html
>
> -Matthew
--
David Borges
Director of Network Administration
3720 Davinci Court, Suite 200
Norcross GA, 30092
www.skitter.tv
More information about the vpn-help
mailing list