Solved

VPN working, but they can't ping our internal network

Posted on 2006-07-14
Last Modified: 2013-11-16
We have the following VPN path setup with an outside vendor:

[them]----[internet]----[our firewall]----[switch]----[domain controller, internal network, etc]

The VPN (ipsec) tunnel has been established and they can ping our firewall box, and we can ping them, but they can't ping anything past the firewall.  They're trying to ping an internal networked printer but get timed out.  I can ping to theirs just fine.

Since they can ping the firewall itself, I'm assuming something is holding it up at the domain controller level.  What do I need to check to allow them to ping internal machines?

Kevin
Question by:Kevin Smith
16 Comments
 
LVL 20

Accepted Solution

by:
RPPreacher earned 264 total points
ID: 17110598
You need an access list permitting traffic from the firewall to the internal network
0
 
LVL 3

Assisted Solution

by:wingspin
wingspin earned 248 total points
ID: 17110609
It could be several things.  
I'd check the default gateway setting of the remote VPN client.  The external IP address of the firewall won't do it.  It depends on your setup as to what the gateway IP address should be.  You can try making their own IP address if you're stumped.

Is the VPN port NAT-ed to your domain controller?  

Are you running the Win-logon script after the VPN connects?  



0
 
LVL 2

Assisted Solution

by:just-one-it
just-one-it earned 248 total points
ID: 17110819
What type of vpn are you using?  Is the IP assigned to the vpn client in the same subnet as the printer they are trying to ping?
0
 
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 248 total points
ID: 17110863
What type of firewall?  What is your VPN client?
0
 
LVL 2

Expert Comment

by:just-one-it
ID: 17110887
Is there an echo in here? ;)
0
 
LVL 9

Assisted Solution

by:NYtechGuy
NYtechGuy earned 248 total points
ID: 17110921

It may also be routing:

- Is your network only one subnet, or are there other subnets/routers involved behind your firewall?  They may not have the necessary routes.
0
 
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 248 total points
ID: 17111507
Check my previously answered question on expertsexchange.

http://www.experts-exchange.com/Networking/Q_21774941.html

It may apply to you also.

Good luck.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 248 total points
ID: 17111593
Is the "firewall box" the default gateway for the devices you are trying to ping?
i.e. is the firewall box's LAN IP added to the printer's configuration as its gateway?
Also, the local and remote LAN subnets need to be different for the VPN.
0
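The addressing checks raised in the reply above (distinct local and remote LAN subnets, and the firewall's LAN IP set as each device's default gateway) can be run against an address plan. This is an added example, not part of the thread; the function name, host names and all addresses are constructed for illustration.

```python
import ipaddress

def check_vpn_address_plan(local_lan, remote_lan, firewall_lan_ip, hosts):
    """Return findings for a site-to-site VPN address plan.

    hosts maps a device name to (ip, prefix_len, default_gateway or None).
    """
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    fw = ipaddress.ip_address(firewall_lan_ip)
    findings = []

    # Overlapping LANs: each side treats the other's addresses as local.
    if local.overlaps(remote):
        findings.append(f"subnet overlap: {local} and {remote}")
    if fw not in local:
        findings.append(f"firewall LAN IP {fw} is not inside {local}")

    for name, (ip, prefix, gateway) in hosts.items():
        iface = ipaddress.ip_interface(f"{ip}/{prefix}")
        if iface.ip not in local:
            findings.append(f"{name}: {iface.ip} is outside {local}")
        # Too-wide mask: the host ARPs for remote addresses instead of routing.
        if iface.network.overlaps(remote):
            findings.append(f"{name}: mask /{prefix} makes {remote} look on-link")
        if gateway is None:
            # Host can receive the echo request but has no path for the reply.
            findings.append(f"{name}: no default gateway, cannot reply to {remote}")
            continue
        gw = ipaddress.ip_address(gateway)
        if gw not in iface.network:
            findings.append(f"{name}: gateway {gw} is not on-link for {iface.network}")
        elif gw != fw:
            findings.append(f"{name}: gateway {gw} is not the firewall, needs a route to {remote}")
    return findings

# Constructed sample plan: printer has no gateway, pc points at another router.
SAMPLE_HOSTS = {
    "printer": ("192.168.10.50", 24, None),
    "dc": ("192.168.10.10", 24, "192.168.10.1"),
    "pc": ("192.168.10.20", 24, "192.168.10.254"),
}

if __name__ == "__main__":
    for line in check_vpn_address_plan("192.168.10.0/24", "192.168.20.0/24",
                                       "192.168.10.1", SAMPLE_HOSTS):
        print(line)
```

An empty result only means the addressing is consistent; firewall rules and the vendor's own routing still have to be checked separately.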
 

Author Comment

by:Kevin Smith
ID: 17111605
Yes, the box is the default gateway, but he can't ping any machine even if it is configured with the default gateway.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17111647
-Are the subnets different? The 2 LANs should be.
-Are "they" pinging the LAN or the WAN IP of the firewall?
-Perhaps, as asked earlier, if you could provide more information as to the VPN configuration such as hardware make and model, and the client you are using, we could better assist.
0
 
LVL 7

Assisted Solution

by:nttranbao
nttranbao earned 248 total points
ID: 17120155
From "them", open a command prompt and use tracert or pathping to trace the route. See where it stops responding.

I guess this is because of the firewall NOT allowing ICMP from outside into the internal network. There would be nothing to do with routing since your internal network can ping "them" successfully.

If possible, tell us what kind of firewall you have: a computer or a Cisco?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 17120732
Did you ever add an access-list?  It was the first suggestion and a very common issue with VPN connectivity issues.
0
 

Author Comment

by:Kevin Smith
ID: 17140637
The problem "fixed itself", although I didn't do anything (guessing it might have been something on their end after all).  I didn't use any of the answers above, but did learn some things so I'm gonna split up the points to everybody if that's cool.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 17140643
Thanks.  Glad it resolved.
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17141608
Glad I could be of assistance. Thanks!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17142005
Thanks ksmithscs,
--Rob
0

Question has a verified solution.