• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 82
  • Last Modified:

vpn ping issue

Hello folks:

I was just wondering if I can pick your brains on this one:

i have setup a vpn between two sites. One site has a Linksys router and the other Juniper router.

created two tunnels: 1st tunnel: 192.168.5.x  <----> 192.168.200.x  this one working fine. ping going across both sides fine
2nd tunnel:  192.168.150.x <------------>  192.168.160.x   .  can ping from 192.168.160.x  but not from 192.168.150.x

both tunnels have exaclt: ipset configs settings.     i have deleted and recreated the 2nd tunner on the Linksys site but still the 2nd tunnel can not ping the remote sites.  keep in mind, both sides showing tunnel is connected.

i know something is not right on the juniper sites ... can anyone recommend what to look for on the juniper site?
0
mwauki
Asked:
mwauki
  • 3
1 Solution
 
rharland2009Commented:
What is the subnet mask of the 192.168.150.x network on the 2nd tunnel?
Also, do any firewall rules enter into this equation?
Third, can you pass any OTHER traffic over the problematic tunnel - like http or something?
Finally, are you able to watch counters for the tunnel and see traffic of any sort passing from the problem side?
0
 
mwaukiAuthor Commented:
255.255.255.0

192.168.150.x has no firewall except the defaults... but still don't make sense y the duplicate tunnel works fine but not this one?

gonna try to pass http thru.   I can't see the ping coming from the other end on my logs on the Linksys.
0
 
QlemoC++ DeveloperCommented:
Did you check the Windows Firewall settings on .160 (if those are Windows clients)?
And "tunnel up" isn't reliable - the tunnel might still be in failing negotiation.

The Juniper site is able to switch on specific logging for traffic, and should make use of that for troubleshooting. They might not have an inbound policy for that traffic.
0
 
mwaukiAuthor Commented:
thank you all for you time and support... issue has been resolved.  the other end of the tunnel, the operator, said he dissected the firewall and noticed I was sending in a mask packet? lol.  all is good now
0
 
mwaukiAuthor Commented:
thanks for support
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now