PPTP connection but can't ping devices inside of network

Posted on 2012-08-13
Last Modified: 2012-10-08
I have a WatchGuard v11.5.2 setup in our Scotland office. When I connect via Windows VPN client via PPTP I can connect successfully but I can't ping any devices inside of their network. I think I have everything setup correctly but I must be missing something or it is configured incorrectly.

I have the WG device handing out DHCP addresses for both the internal network and the PPTP. The IP that I am receiving when I connect PPTP is and the IP that I am trying to PING is I know this machine is up because I am connected to if on our office network through the BOVPN tunnel. I can PING the gateway with no problem (

I don't see any failures and I can see in the System Manager that I am connected and it is passing packets.

Has anyone else seen this or can you tell me what to look for? Thanks for any help/advise you can offer!
Question by:CCG3
    LVL 31

    Assisted Solution

    What is the IP of your outside computer while you're connecting to VPN? The subnet of the connecting PC must be different from the subnet it is VPNing into. E.g. it must NOT be

    Also, I'm not sure if the WatchGuard device is both the router, AND the VPN server... but if the VPN server is a separate machine then you need to make sure the router and firewall are forwarding / allowing TCP port 1723, and GRE Protocol 47 through.

    Author Comment

    WG is both the router and the VPN server. My IP is 192.168.0.x on my local machine.
    LVL 12

    Accepted Solution

    on your pptp connection, is the tcp/ip enabled as use default gateway for remote connections!

    Author Comment

    No it isnt. But the route entry in the routing table that gets put is correct. And if I do a tracert it goes straight to the gateway, and that us as far as it gets.

    Author Comment

    Ok, so I changed the setting on the PPTP connection to use default gateway and it does start working. Problem with this is that it routes all traffic through the Firewall then. Is there anyway I can set the route correctly in WatchGuard to not need this turned on like this?

    Author Comment

    This has been open too long. i am guessing there is no answer.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now