Can't ping hosts on VPN or any external hosts (eg google.com)

Hi all,

I just noticed today that I can no longer ping any of our VPN endpoints (all Sonicwalls), though our own SW reports that the VPNs are active.  I also cannot ping any external hosts, such as google.com, yahoo.com, etc...

I just noticed this today, it's certainly a very new problem, as I have batch files written that ping our various VPN endpoints, and I run them frequently if there's ever an issue, or I want to confirm connectivity, and they have always worked before.

If I use a different Internet connection (not connected to the SW), I can ping Google etc, so it's not a Windows issue.  I have done 2 soft restarts and 1 hard restart on our SW.  Immediately after restarting, the SW allows pings to all of the locations I mentioned above, but then the replies stop, about 20-30 seconds after restarting.  Around the same time, I see in the logs this message:

ICMP packet dropped due to policy

The funny part in all this, is that the SW has not been changed in months, so I don't get why it's suddenly blocking all these outbound pings.

Does anyone know what I could check or change to restore the ability to ping?

Thanks

Paul
paulc2000Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
0xSaPx0Connect With a Mentor Commented:
The log entry shows that per the policy (firewall rules) interface X1 --> X0 does not allow ICMP through.

If you review the policy and believe this is adverse to the policy you will need to contact Sonicwall support for further assistance.
0
 
0xSaPx0Commented:
Sounds like you have ICMP disabled in your Sonicwalls. Check there, likely everything is working find but the Sonicwall configuration was updated to disallow this at some point by someone.
0
 
paulc2000Author Commented:
Thanks, but nothing was changed.

Anyway, how do I enable it?  Googling it just shows how to set up the Sonicwall to respond to pings.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
0xSaPx0Commented:
Well something has changed, you used to be able to ping and now you cannot.

The messages you are getting via the log are from the sonicwalls saying ICMP is not permitted by the policy, so most likely the policy used by the sonicwalls are disableing ICMP.
0
 
paulc2000Author Commented:
I can't see what policy is blocking it, and I don't understand why a ping would be blocked on a VPN, in any case?

Here is the full log entry, if there's anything more you can see.  This is what happens when my PC (192.168.3.40) has a continuous ping to google.ie (193.120.166.95).  As I mentioned above, the first ~75 pings after a restart reply as normal, but then the new policy kicks in.  Why doesn't it kick in immediately?  None of this makes sense...

Sonicwall log entry
0
 
paulc2000Author Commented:
There is no such policy for the WAN interfaces, nor is there for the VPN.  I will contact SW support.  Thanks for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.