Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

vpn ping issue

Posted on 2014-12-17
5
Medium Priority
?
78 Views
Last Modified: 2015-04-16
Hello folks:

I was just wondering if I can pick your brains on this one:

i have setup a vpn between two sites. One site has a Linksys router and the other Juniper router.

created two tunnels: 1st tunnel: 192.168.5.x  <----> 192.168.200.x  this one working fine. ping going across both sides fine
2nd tunnel:  192.168.150.x <------------>  192.168.160.x   .  can ping from 192.168.160.x  but not from 192.168.150.x

both tunnels have exaclt: ipset configs settings.     i have deleted and recreated the 2nd tunner on the Linksys site but still the 2nd tunnel can not ping the remote sites.  keep in mind, both sides showing tunnel is connected.

i know something is not right on the juniper sites ... can anyone recommend what to look for on the juniper site?
0
Comment
Question by:mwauki
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40504591
What is the subnet mask of the 192.168.150.x network on the 2nd tunnel?
Also, do any firewall rules enter into this equation?
Third, can you pass any OTHER traffic over the problematic tunnel - like http or something?
Finally, are you able to watch counters for the tunnel and see traffic of any sort passing from the problem side?
0
 

Author Comment

by:mwauki
ID: 40505885
255.255.255.0

192.168.150.x has no firewall except the defaults... but still don't make sense y the duplicate tunnel works fine but not this one?

gonna try to pass http thru.   I can't see the ping coming from the other end on my logs on the Linksys.
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1500 total points
ID: 40507719
Did you check the Windows Firewall settings on .160 (if those are Windows clients)?
And "tunnel up" isn't reliable - the tunnel might still be in failing negotiation.

The Juniper site is able to switch on specific logging for traffic, and should make use of that for troubleshooting. They might not have an inbound policy for that traffic.
0
 

Author Comment

by:mwauki
ID: 40515904
thank you all for you time and support... issue has been resolved.  the other end of the tunnel, the operator, said he dissected the firewall and noticed I was sending in a mask packet? lol.  all is good now
0
 

Author Closing Comment

by:mwauki
ID: 40728636
thanks for support
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question