  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 515

LAN PC ping Netgear VPN Client

I have the Netgear VPN Client set up, and I'm trying to ping the VPN Client from a LAN PC. Is this possible? I can't seem to get it to work, but I know I am using a local IP (10.1.11.10) for the client. And the PC I'm trying to ping from is 10.1.10.xx.

VPN box is an FVS318v3
0
Asked by: cmb991
1 Solution
 
Ioannis_Avgeros Commented:
It should be possible if your VPN box is set to route traffic between the two networks. If it is set to do NAT from the VPN client to the internal network, then I guess you can't reach the VPN client.
0
 
Ioannis_Avgeros Commented:
Furthermore, do a trace to see where the traffic stops, and also try to ping from the VPN client to the LAN PC. If it works that way, then for sure you're doing NAT from the VPN client network to the internal one.
0
 
cmb991 (Author) Commented:
Ping from the VPN Client to the LAN works.  I did netstat -n on a Remote Desktop Connection and it is pointing to 10.1.11.10.  I will do the trace.
0

 
Ioannis_Avgeros Commented:
Could there be a firewall rule preventing traffic from reaching the VPN client from the LAN side? Have you verified that you are indeed routing traffic between the two networks and not doing NAT? Can you clarify the RDP Connection comment? Is that a server inside the LAN that you connected to using the VPN client?
0
 
cmb991 (Author) Commented:
I have to be going through the VPN and not NAT because when I do netstat -n, it shows the VPN IP, which is 10.1.11.10, on port 3389. The only firewall is the FVS318's. I'm not sure if it unblocks it automatically... What port would have to be used for the ping? I did a tracert on the server to 10.1.11.10 and it keeps saying request timed out.

RDP Comment:
I connected to the VPN using the Netgear VPN Client, then connected to a Remote Desktop Computer on 10.1.10.50. So I know I'm using the VPN.
0
 
Ioannis_Avgeros Commented:
Hmmmm, how about if you tried to RDP to the VPN Client from a LAN PC? Maybe only ICMP traffic gets blocked by the box.

Ping doesn't use ports (http://www.techexams.net/forums/network/8777-icmp-port-number.html).
0
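
Why there is no port to open for ping, as an added example that is not part of the original thread: it builds an ICMP echo request and shows that a filter can match it only by IP protocol and message type, so a rule that admits the RDP session on TCP 3389 says nothing about ping. The rule dictionaries and `rule_allows` are a hypothetical format for illustration, not the FVS318's.

```python
import struct

ICMP_PROTO, TCP_PROTO = 1, 6        # IP protocol numbers
ECHO_REQUEST, ECHO_REPLY = 8, 0     # ICMP message types used by ping

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Header is type, code, checksum, identifier, sequence: no port field."""
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload

def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMP echo header and verify the checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    mtype, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": mtype, "code": code, "id": ident, "seq": seq,
            "checksum_ok": inet_checksum(packet) == 0}

def rule_allows(rule: dict, proto: int, icmp_type=None, dst_port=None) -> bool:
    """Hypothetical rule format: ICMP rules match on type, TCP rules on port."""
    if rule["proto"] != proto:
        return False
    if proto == ICMP_PROTO:
        return rule.get("icmp_type") in (None, icmp_type)
    return rule.get("dst_port") in (None, dst_port)

# Constructed rules: one for the RDP session seen in netstat, one for ping.
RDP_RULE = {"proto": TCP_PROTO, "dst_port": 3389}
PING_RULE = {"proto": ICMP_PROTO, "icmp_type": ECHO_REQUEST}

if __name__ == "__main__":
    pkt = build_echo_request(ident=0x1234, seq=1, payload=b"abcdefgh")
    print(parse_icmp(pkt))
    print("RDP rule passes ping: ", rule_allows(RDP_RULE, ICMP_PROTO, icmp_type=8))
    print("ICMP rule passes ping:", rule_allows(PING_RULE, ICMP_PROTO, icmp_type=8))
```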
 
Ioannis_Avgeros Commented:
Does the VPN box have a routing information section or something like that that would allow one to check the actual routing table?
0
 
cmb991 (Author) Commented:
Just:
Direction/Type - This setting is used when determining if the IKE policy matches the current traffic. Select the desired option.

Initiator - Outgoing connections are allowed, but incoming connections will be blocked.
Responder - Incoming connections are allowed, but outgoing connections will be blocked.
Both Directions - Both incoming and outgoing connections are allowed.
Remote Access - This is to allow only incoming client connections, where the IP address of the remote client is unknown. If selected, the "Exchange Mode" MUST be "Aggressive", and the "Identity" (both Local and Remote) MUST be "Name".
On the matching VPN Policy, the IP address of the remote VPN endpoint should be set to 0.0.0.0



Mine's set on Remote Access...
0
 
SysExpert Commented:
Try changing to Both Directions, but you may be required to have both ends with fixed IPs.

Many simpler routers may not allow bidirectional access with a VPN client.

I would also check the documentation and Netgear site.

I hope this helps!
0
 
cmb991 (Author) Commented:
I made a new policy on both directions. I connected to the RDC and tried to ping 10.1.11.11 (new policy IP), and it timed out. Then I did a tracert, and it said 'Tracing route to LAPTOPNAME [10.1.11.11]'. So now it's able to resolve the name of the connection, it just isn't able to ping it. I wonder what else I could try... I noticed that when I do ipconfig on my laptop (the VPN client), the subnet mask is 255.255.255.255, and the network operates on 255.255.255.0. I'm wondering if that has anything to do with it?
0
 
cmb991 (Author) Commented:
I followed the documentation I believe... This is what it says.

A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned
to be located by a host name or domain name. It provides a central public database where
information (such as email addresses, host names and IP addresses) can be stored and retrieved.
Now, a gateway can be configured to use a 3rd party service in lieu of a permanent and unchanging
IP address to establish bi-directional VPN connectivity.



http://kbserver.netgear.com/pdf/vpn_client2fvs.pdf
0
 
cmb991 (Author) Commented:
Diagnostic - Routing Table

Destination   Mask            Gateway      Metric   Active
0.0.0.0       0.0.0.0         10.1.11.1    1        YES
10.1.10.0     255.255.255.0   10.1.10.1    1        YES
10.1.11.0     255.255.255.0   10.1.11.38   1        YES
0
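
Reading the routing table posted above by longest-prefix match, as an added example that is not part of the original thread. The table rows are copied from the post, the lookup addresses are the ones mentioned in the thread, and 192.0.2.1 is a constructed outside address.

```python
import ipaddress

# Active routes as posted from the FVS318v3 "Diagnostic - Routing Table" page.
ROUTING_TABLE = """\
Destination   Mask            Gateway      Metric   Active
0.0.0.0       0.0.0.0         10.1.11.1    1        YES
10.1.10.0     255.255.255.0   10.1.10.1    1        YES
10.1.11.0     255.255.255.0   10.1.11.38   1        YES
"""

def parse_routes(text):
    """Turn the table text into (network, gateway, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Destination":
            continue                      # skip header and malformed rows
        dest, mask, gateway, metric, active = fields
        if active.upper() != "YES":
            continue                      # inactive routes are never used
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, ipaddress.ip_address(gateway), int(metric)))
    return routes

def lookup(routes, addr):
    """Pick the most specific matching route; lower metric breaks ties."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))

def next_hop(routes, addr):
    """Return 'network via gateway' for addr, or 'no route'."""
    route = lookup(routes, addr)
    return "no route" if route is None else f"{route[0]} via {route[1]}"

if __name__ == "__main__":
    table = parse_routes(ROUTING_TABLE)
    for target in ("10.1.11.10", "10.1.11.11", "10.1.10.50", "192.0.2.1"):
        print(f"{target:12} -> {next_hop(table, target)}")
```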
 
SysExpert Commented:
Like I said, your router may not support this with your specific configuration.

0
 
cmb991 (Author) Commented:
How can I find out if it does?  I found a manual online that I posted above that said it supports bidirectional....
0
 
SysExpert Commented:
It seems that if one end is dynamic and the other end static, you need to set up a DNS name for the dynamic IP (DDNS) with a third party company in order to get bidirectional to work.

Type "dynamic DNS free" into a Google search for some options.

I hope this helps!
0
 
cmb991 (Author) Commented:
Thanks!
0
