
LAN PC ping Netgear VPN Client

Last Modified: 2012-06-21
I have the Netgear VPN Client set up, and I'm trying to ping the VPN Client from a LAN PC. Is this possible? I can't seem to get it to work, but I know I am using a local IP (10.1.11.10) for the client. And the PC I'm trying to ping from is 10.1.10.xx.

VPN box is a FVS318v3  

It should be possible if your VPN box is set to route traffic between the two networks. If it is set to do NAT from the VPN client to the internal network, then I guess you can't reach the VPN client.
Furthermore, do a trace to see where the traffic stops and also try to ping from the VPN client to the LAN PC. If it works that way, then for sure you're doing NAT from the VPN client network to the internal one.
Christopher Bruder, Cybersecurity Engineer

Author

Commented:
Ping from the VPN Client to the LAN works.  I did netstat -n on a Remote Desktop Connection and it is pointing to 10.1.11.10.  I will do the trace.
Could there be a firewall rule preventing traffic from reaching the VPN client from the LAN side? Have you verified that you are indeed routing traffic between the two networks and not doing NAT? Can you clarify the RDP Connection comment? Is that a server inside the LAN that you connected to using the VPN client?
Christopher Bruder, Cybersecurity Engineer

Author

Commented:
I have to be going through the VPN and not NAT because when I do netstat -n, it shows the VPN IP, which is 10.1.11.10, on port 3389. The only firewall is the FVS318's. I'm not sure if it unblocks it automatically... What port would have to be used for the ping? I did a tracert on the server to 10.1.11.10 and it keeps saying request timed out.

RDP Comment:
I connected to the VPN using the Netgear VPN Client, then connected to a Remote Desktop Computer on 10.1.10.50. So I know I'm using the VPN.
Hmmmm, how about if you tried to RDP to the VPN Client from a LAN PC? Maybe only ICMP traffic gets blocked by the box.

Ping doesn't use ports (http://www.techexams.net/forums/network/8777-icmp-port-number.html).
Does the VPN box have a routing information section or something like that that would allow one to check the actual routing table?
Christopher Bruder, Cybersecurity Engineer

Author

Commented:
Just:
Direction/Type - This setting is used when determining if the IKE policy matches the current traffic. Select the desired option.

Initiator - Outgoing connections are allowed, but incoming connections will be blocked.
Responder - Incoming connections are allowed, but outgoing connections will be blocked.
Both Directions - Both incoming and outgoing connections are allowed.
Remote Access - This is to allow only incoming client connections, where the IP address of the remote client is unknown. If selected, the "Exchange Mode" MUST be "Aggressive", and the "Identity" (both Local and Remote) MUST be "Name".
On the matching VPN Policy, the IP address of the remote VPN endpoint should be set to 0.0.0.0



Mine's set on Remote Access...
CERTIFIED EXPERT
Top Expert 2007

Commented:
Try changing to Both Directions, but you may be required to have both ends with fixed IPs.

Many simpler routers may not allow bidirectional access with a VPN client.

I would also check the documentation and the Netgear site.

I hope this helps!
Christopher Bruder, Cybersecurity Engineer

Author

Commented:
I made a new policy on both directions. I connected to the RDC and tried to ping 10.1.11.11 (new policy IP), and it timed out. Then I did a tracert, and it said 'Tracing route to LAPTOPNAME [10.1.11.11]'. So now it's able to resolve the name of the connection, it just isn't able to ping it. I wonder what else I could try... I noticed that when I do ipconfig on my laptop (the VPN client), the subnet mask is 255.255.255.255, and the network operates on 255.255.255.0. I'm wondering if that has anything to do with it?
Christopher Bruder, Cybersecurity Engineer

Author

Commented:
I followed the documentation I believe... This is what it says.

A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned
to be located by a host name or domain name. It provides a central public database where
information (such as email addresses, host names and IP addresses) can be stored and retrieved.
Now, a gateway can be configured to use a 3rd party service in lieu of a permanent and unchanging
IP address to establish bi-directional VPN connectivity.



http://kbserver.netgear.com/pdf/vpn_client2fvs.pdf
Christopher Bruder, Cybersecurity Engineer

Author

Commented:
Diagnostic - Routing Table

Destination   Mask            Gateway      Metric   Active
0.0.0.0       0.0.0.0         10.1.11.1    1        YES
10.1.10.0     255.255.255.0   10.1.10.1    1        YES
10.1.11.0     255.255.255.0   10.1.11.38   1        YES
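
An added example, not part of the thread: a longest-prefix-match lookup over the routing table posted above, together with a check of what the client's 255.255.255.255 mask means for on-link reachability. The function names `lookup` and `on_link` are illustrative, and the code only models the table as posted, not the FVS318v3's actual forwarding or firewall behaviour.

```python
import ipaddress

# Routing table exactly as posted from the router's diagnostics page:
# (destination, mask, gateway)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.1.11.1"),
    ("10.1.10.0", "255.255.255.0", "10.1.10.1"),
    ("10.1.11.0", "255.255.255.0", "10.1.11.38"),
]


def lookup(dest, routes=ROUTES):
    """Return (network, gateway) for the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for destination, mask, gateway in routes:
        net = ipaddress.ip_network(f"{destination}/{mask}")
        # Longest prefix wins, so a /24 beats the 0.0.0.0/0 default route.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best


def on_link(host, mask, peer):
    """True if peer lies inside host's own subnet (no gateway needed)."""
    iface = ipaddress.ip_interface(f"{host}/{mask}")
    return ipaddress.ip_address(peer) in iface.network


if __name__ == "__main__":
    # Addresses taken from the thread: the two VPN client IPs and the RDP host.
    for dest in ("10.1.11.10", "10.1.11.11", "10.1.10.50"):
        net, gw = lookup(dest)
        print(f"{dest:<12} -> route {net} via {gw}")

    # With the /32 mask reported by ipconfig, the client treats no other
    # address as on-link, so every packet it sends goes through the tunnel.
    print("client /32 sees 10.1.10.50 on-link:",
          on_link("10.1.11.10", "255.255.255.255", "10.1.10.50"))
    # The same address with the LAN's /24 mask, for comparison.
    print("client /24 sees 10.1.11.38 on-link:",
          on_link("10.1.11.10", "255.255.255.0", "10.1.11.38"))
```
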
CERTIFIED EXPERT
Top Expert 2007

Commented:
Like I said, your router may not support this with your specific configuration.

Christopher Bruder, Cybersecurity Engineer

Author

Commented:
How can I find out if it does?  I found a manual online that I posted above that said it supports bidirectional....
CERTIFIED EXPERT
Top Expert 2007
Commented:
Christopher Bruder, Cybersecurity Engineer

Author

Commented:
Thanks!