<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18928">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>
<DIV><FONT size=2>Hi Mike,</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Disable Firewall on devices and check pings.</FONT></DIV>
<DIV><FONT size=2>Default in Windows only respond on the same subnet while in
VPN ModeConfig You have different subnet so Windowses drops Your
packets.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Regards,</FONT></DIV>
<DIV><FONT size=2> Michal</FONT></DIV></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=mikelupo@aol.com href="mailto:mikelupo@aol.com">mikelupo@aol.com</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=vpn-help@lists.shrew.net
href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, September 04, 2010 3:58
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [vpn-help] Can't ping some IP
addresses behind VPN</DIV>
<DIV><BR></DIV><FONT color=black size=2 face=arial>
<DIV>Hi Matthew et. al,</DIV>
<DIV>I have a Netgear FVS318G vpn router. I can connect to it using
Shrew 2.1.6 (latest released version).</DIV>
<DIV>Iked.log is attached.</DIV>
<DIV> </DIV>
<DIV>Once I make my connection, I can ping the VPN's local internal address on
the remote network (192.168.1.1). I even confirm that <A
href="https://192.168.1.1:8080">https://192.168.1.1:8080</A> will render the
VPN admin console. So this confirms that I'm really reaching the VPN on the
remote LAN. </DIV>
<DIV>I however, cannot ping devices that I know are running in the LAN beyond
the gateway. It seems my packets are being dropped. I can confirm these
target addresses are pingable using the Netgear VPN admin console
diagnostics. (i.e. 192.168.1.7)</DIV>
<DIV>In the VPN Trace utility, I see only two SA's (Mature ESP types). Both
show positive traffic flow.</DIV>
<DIV> </DIV>
<DIV>Topology:</DIV>
<DIV>VPN Local network side: 192.168.1.0/24</DIV>
<DIV>Mode Config address pool: 192.168.2.50 - 100</DIV>
<DIV>Local Lan: 10.0.0.0/24</DIV>
<DIV> </DIV>
<DIV>I figure Matt, you'd want to know this for the Policy Tab.</DIV>
<DIV>Policy Generation Level = Auto</DIV>
<DIV>s:policy-list-include:192.168.1.0 / 255.255.255.0<BR></DIV>
<DIV>Does my iked log give any hints?</DIV>
<DIV> </DIV>
<DIV>Thanks in advance,</DIV>
<DIV>Mike</DIV></FONT>
<P>
<HR>
<P></P>_______________________________________________<BR>vpn-help mailing
list<BR>vpn-help@lists.shrew.net<BR>http://lists.shrew.net/mailman/listinfo/vpn-help<BR></BLOCKQUOTE></BODY></HTML>