<font color='black' size='2' face='arial'>
<div>Hi, Thanks for the reply.</div>
<div>This makes very good sense for the windows machines behind the VPN, but the thrust of my work is to enable a VPN user to monitor a DVR video security system.</div>
<div>It's a hardware device with no firewall software at all on it.</div>
<div> </div>
<div>What I've learned since my original post is that the results are inconsistent. Sometimes when I connect, I can get to the device (ping, browser, etc), other times, I cannot ...Yet the device is still pingable via the Diagnostics page on the VPN Web Console. When I can ping it from my remote location, I can connect to it and view the cameras. When I cannot ping it, I cannot connect to it....confirming that when no ping...no other services available.</div>
<div>When I can't get to the device, I look to see if I still have my SA's. And yes I do. So this is a bewildering problem....sigh. </div>
<div> </div>
<div>Suspicions:</div>
<div>Netgear came out with a new firmware in August. ..so maybe I'll try putting that into the device today. </div>
<div>My other slightly suspicious thing is the Shrewnet client as I've begun using the 2.1.7 beta for a few days now..<br>
<br>
</div>
<div>Regards,</div>
<div>Mike<br>
</div>
<div style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: arial,helvetica">-----Original Message-----<br>
From: Michal Wegrzyn <Michal@comfortel.pl><br>
To: vpn-help@lists.shrew.net<br>
Sent: Mon, Sep 6, 2010 3:07 am<br>
Subject: Re: [vpn-help] Can't ping some IP addresses behind VPN<br>
<br>
<div id=AOLMsgPart_3_aa1372c8-f16b-4bb3-b691-2cfd849a3804>
<div>
<div><FONT size=2>Hi Mike,</FONT></div>
<div><FONT size=2></FONT> </div>
<div><FONT size=2>Disable Firewall on devices and check pings.</FONT></div>
<div><FONT size=2>Default in Windows only respond on the same subnet while in VPN ModeConfig You have different subnet so Windowses drops Your packets.</FONT></div>
<div><FONT size=2></FONT> </div>
<div><FONT size=2>Regards,</FONT></div>
<div><FONT size=2> Michal</FONT></div>
</div>
<BLOCKQUOTE style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<div style="FONT: 10pt arial">----- Original Message ----- </div>
<div style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> <A title=mikelupo@aol.com href="mailto:mikelupo@aol.com">mikelupo@aol.com</A> </div>
<div style="FONT: 10pt arial"><B>To:</B> <A title=vpn-help@lists.shrew.net href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</A> </div>
<div style="FONT: 10pt arial"><B>Sent:</B> Saturday, September 04, 2010 3:58 AM</div>
<div style="FONT: 10pt arial"><B>Subject:</B> [vpn-help] Can't ping some IP addresses behind VPN</div>
<div><br>
</div>
<FONT face=arial color=black size=2>
<div>Hi Matthew et. al,</div>
<div>I have a Netgear FVS318G vpn router. I can connect to it using Shrew 2.1.6 (latest released version).</div>
<div>Iked.log is attached.</div>
<div> </div>
<div>Once I make my connection, I can ping the VPN's local internal address on the remote network (192.168.1.1). I even confirm that <A href="https://192.168.1.1:8080/" target=_blank>https://192.168.1.1:8080</A> will render the VPN admin console. So this confirms that I'm really reaching the VPN on the remote LAN. </div>
<div>I however, cannot ping devices that I know are running in the LAN beyond the gateway. It seems my packets are being dropped. I can confirm these target addresses are pingable using the Netgear VPN admin console diagnostics. (i.e. 192.168.1.7)</div>
<div>In the VPN Trace utility, I see only two SA's (Mature ESP types). Both show positive traffic flow.</div>
<div> </div>
<div>Topology:</div>
<div>VPN Local network side: 192.168.1.0/24</div>
<div>Mode Config address pool: 192.168.2.50 - 100</div>
<div>Local Lan: 10.0.0.0/24</div>
<div> </div>
<div>I figure Matt, you'd want to know this for the Policy Tab.</div>
<div>Policy Generation Level = Auto</div>
<div>s:policy-list-include:192.168.1.0 / 255.255.255.0<br>
</div>
<div>Does my iked log give any hints?</div>
<div> </div>
<div>Thanks in advance,</div>
<div>Mike</div>
</FONT>
<div>
<HR>
<div></div>
_______________________________________________<br>
vpn-help mailing list<br>
<A href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</A><br>
<A href="http://lists.shrew.net/mailman/listinfo/vpn-help" target=_blank>http://lists.shrew.net/mailman/listinfo/vpn-help</A><br>
</BLOCKQUOTE></div>
<!-- end of AOLMsgPart_3_aa1372c8-f16b-4bb3-b691-2cfd849a3804 -->
<div id=AOLMsgPart_4_aa1372c8-f16b-4bb3-b691-2cfd849a3804 style="FONT-SIZE: 12px; MARGIN: 0px; COLOR: #000; FONT-FAMILY: Tahoma, Verdana, Arial, Sans-Serif; BACKGROUND-COLOR: #fff"><PRE style="FONT-SIZE: 9pt"><TT>_______________________________________________
vpn-help mailing list
<A href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</A>
<A href="http://lists.shrew.net/mailman/listinfo/vpn-help" target=_blank>http://lists.shrew.net/mailman/listinfo/vpn-help</A>
</TT></PRE></div>
<!-- end of AOLMsgPart_4_aa1372c8-f16b-4bb3-b691-2cfd849a3804 --></div>
</font>