Solved

LAN PC ping Netgear VPN Client

Posted on 2010-09-14
Last Modified: 2012-06-21
I have the Netgear VPN Client set up, and I'm trying to ping the VPN Client from a LAN PC. Is this possible? I can't seem to get it to work, but I know I am using a local IP (10.1.11.10) for the client. And the PC I'm trying to ping from is 10.1.10.xx.

VPN box is a FVS318v3  
Question by:cmb991
16 Comments
 
LVL 5

Expert Comment

by:Ioannis_Avgeros
ID: 33677920
It should be possible if your VPN box is set to route traffic between the two networks. If it is set to do NAT from the VPN client to the internal network then I guess you can't reach the VPN client.
0
 
LVL 5

Expert Comment

by:Ioannis_Avgeros
ID: 33677930
Furthermore, do a trace to see where the traffic stops and also try to ping from the VPN client to the LAN PC. If it works that way then for sure you're doing NAT from the VPN client network to the internal one.
0
 
LVL 1

Author Comment

by:cmb991
ID: 33677936
Ping from the VPN Client to the LAN works.  I did netstat -n on a Remote Desktop Connection and it is pointing to 10.1.11.10.  I will do the trace.
0
 
LVL 5

Expert Comment

by:Ioannis_Avgeros
ID: 33677994
Could there be a firewall rule preventing traffic from reaching the VPN client from the lan side? Have you verified that you are indeed routing traffic between the two networks and not doing NAT? Can you clarify the RDP Connection comment? Is that a server inside the LAN that you connected to using the VPN client?
0
 
LVL 1

Author Comment

by:cmb991
ID: 33678014
I have to be going through the VPN and not NAT because when I do netstat -n, it shows the vpn ip which is 10.1.11.10 on port 3389.  The only firewall is the FVS318's.  I'm not sure if it unblocks it automatically... What port would have to be used for the ping?  I did a tracert on the server to 10.1.11.10 and it keeps saying request timed out.

RDP Comment:
I connected to the VPN using the Netgear VPN Client, then connected to a Remote Desktop Computer on 10.1.10.50. So I know I'm using the VPN.
0
 
LVL 5

Expert Comment

by:Ioannis_Avgeros
ID: 33678023
Hmmmm, how about if you tried to RDP to the VPN Client from a LAN PC? Maybe only ICMP traffic gets blocked by the box.

Ping doesn't use ports (http://www.techexams.net/forums/network/8777-icmp-port-number.html).
0
 
LVL 5

Expert Comment

by:Ioannis_Avgeros
ID: 33678053
Does the VPN box have a routing information section or something like that that would allow one to check the actual routing table?
0
 
LVL 1

Author Comment

by:cmb991
ID: 33678473
Just:
Direction/Type - This setting is used when determining if the IKE policy matches the current traffic. Select the desired option.

Initiator - Outgoing connections are allowed, but incoming connections will be blocked.
Responder - Incoming connections are allowed, but outgoing connections will be blocked.
Both Directions - Both incoming and outgoing connections are allowed.
Remote Access - This is to allow only incoming client connections, where the IP address of the remote client is unknown. If selected, the "Exchange Mode" MUST be "Aggressive", and the "Identity" (both Local and Remote) MUST be "Name".
On the matching VPN Policy, the IP address of the remote VPN endpoint should be set to 0.0.0.0



Mine's set on Remote Access...
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33678747
Try changing to Both Directions, but you may be required to have both ends with fixed IPs.

Many simpler routers may not allow bidirectional access with a VPN client.

I would also check the documentation and Netgear site.

I hope this helps !
0
 
LVL 1

Author Comment

by:cmb991
ID: 33678833
I made a new policy on both directions. I connected to the RDC and tried to ping 10.1.11.11 (new policy IP), and it timed out. Then I did a tracert, and it said 'Tracing route to LAPTOPNAME [10.1.11.11]'. So now it's able to resolve the name of the connection, it just isn't able to ping it. I wonder what else I could try... I noticed that when I do ipconfig on my laptop (the VPN client), the subnet mask is 255.255.255.255, and the network operates on 255.255.255.0. I'm wondering if that has anything to do with it?
0
 
LVL 1

Author Comment

by:cmb991
ID: 33678942
I followed the documentation I believe... This is what it says.

A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned
to be located by a host name or domain name. It provides a central public database where
information (such as email addresses, host names and IP addresses) can be stored and retrieved.
Now, a gateway can be configured to use a 3rd party service in lieu of a permanent and unchanging
IP address to establish bi-directional VPN connectivity.



http://kbserver.netgear.com/pdf/vpn_client2fvs.pdf
0
 
LVL 1

Author Comment

by:cmb991
ID: 33679038
Diagnostic - Routing Table

Destination  Mask           Gateway     Metric  Active
0.0.0.0      0.0.0.0        10.1.11.1   1       YES
10.1.10.0    255.255.255.0  10.1.10.1   1       YES
10.1.11.0    255.255.255.0  10.1.11.38  1       YES
0
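
Reading the routing table posted above, as an added example that is not part of the original thread: this Python script parses the posted table, does a longest-prefix-match lookup for the addresses mentioned in the thread, and checks what the client's reported 255.255.255.255 mask treats as on-link. The function names and the 192.0.2.1 test address are assumptions made for illustration.

```python
import ipaddress

# Routing table as posted in the thread (FVS318v3 "Diagnostic - Routing Table").
ROUTING_TABLE = """\
Destination  Mask           Gateway     Metric  Active
0.0.0.0      0.0.0.0        10.1.11.1   1       YES
10.1.10.0    255.255.255.0  10.1.10.1   1       YES
10.1.11.0    255.255.255.0  10.1.11.38  1       YES
"""

def parse_routes(text):
    """Return (network, gateway, metric) tuples for the active routes."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 5:
            continue                            # ignore blank or malformed rows
        dest, mask, gateway, metric, active = fields
        if active.upper() != "YES":
            continue
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, ipaddress.ip_address(gateway), int(metric)))
    return routes

def lookup(routes, address):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))

def on_link(host, mask, peer):
    """True if peer lies inside the subnet that host/mask defines."""
    iface = ipaddress.ip_interface(f"{host}/{mask}")
    return ipaddress.ip_address(peer) in iface.network

if __name__ == "__main__":
    routes = parse_routes(ROUTING_TABLE)
    # VPN client, LAN server, and a constructed outside address (TEST-NET-1).
    for target in ("10.1.11.10", "10.1.10.50", "192.0.2.1"):
        net, gw, metric = lookup(routes, target)
        print(f"{target:<12} -> {net} via {gw} (metric {metric})")
    # Client-side view with the mask reported by ipconfig on the laptop.
    print(on_link("10.1.11.10", "255.255.255.255", "10.1.10.50"))
    # LAN-side view with the mask the network operates on.
    print(on_link("10.1.10.50", "255.255.255.0", "10.1.10.1"))
```
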
 
LVL 63

Expert Comment

by:SysExpert
ID: 33688159
Like I said, your router may not support this with your specific configuration.

0
 
LVL 1

Author Comment

by:cmb991
ID: 33737619
How can I find out if it does?  I found a manual online that I posted above that said it supports bidirectional....
0
 
LVL 63

Accepted Solution

by:
SysExpert earned 500 total points
ID: 33740681
It seems that if one end is dynamic and the other end static, you need to set up a DNS name for the dynamic IP (DDNS) with a third party company in order to get bidirectional to work.

Type in

dynamic DNS free

into a Google search for some options.

I hope this helps !
0
 
LVL 1

Author Closing Comment

by:cmb991
ID: 33755251
Thanks!
0
