Solved

cant ping from VPN concentrator

Posted on 2007-04-11
6
226 Views
Last Modified: 2011-10-03
i have a VPN concentrator 3000 series - and all of a sudden users that are vpn'ed in cant access subnets at our remote offices. i cant ping other subnets from inside the vpn concentrator either.
0
Comment
Question by:jmcrae72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 8

Expert Comment

by:RGRodgers
ID: 18893807
Obvious questions are:  What changed?  What have you done to try to resolve it?  When you did that, what happened?  
0
 

Author Comment

by:jmcrae72
ID: 18894622
only an admin password - nothing that i know of. if i vpn in and tracert to a  remote subnet it routes the packets out the public interface when it should goto the default router 172.16.1.1 not 4.x.x.x.
From the 172.16.1.1 router you can get to anything.
0
 
LVL 8

Expert Comment

by:RGRodgers
ID: 18904923
If you look at how it really operates, tracert is basically a hack.  It does not follow the VPN path.  And, it many cases, it offers a best guess of the path.  It is a good troubleshooting tool, but don't believe everything it tells you, especially when looking at a VPN.

You say this happened all of a sudden.  I assume from that statement that what isn't working now was working before it suddenly didn't.  Something changed to make thsi happen.

Why don't you connect, do a "ipconfig /all" and past the results here.  Do the same with "route print".  That could get us started.
0
 

Author Comment

by:jmcrae72
ID: 18906269
ok we figured it out - i was locking down routers last week and i disabled proxy arp on the router next to the vpn. i have static routes that were pointing to the destination as "interface" so we changed it to "router address" under "configuration"  "static routes" and we were back up agin.
i had to open a TAC case - i would have never put those two together.
thanks for the replys.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19421680
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question