Solved

vpn ping issue

Posted on 2014-12-17
5
72 Views
Last Modified: 2015-04-16
Hello folks:

I was just wondering if I can pick your brains on this one:

i have setup a vpn between two sites. One site has a Linksys router and the other Juniper router.

created two tunnels: 1st tunnel: 192.168.5.x  <----> 192.168.200.x  this one working fine. ping going across both sides fine
2nd tunnel:  192.168.150.x <------------>  192.168.160.x   .  can ping from 192.168.160.x  but not from 192.168.150.x

both tunnels have exaclt: ipset configs settings.     i have deleted and recreated the 2nd tunner on the Linksys site but still the 2nd tunnel can not ping the remote sites.  keep in mind, both sides showing tunnel is connected.

i know something is not right on the juniper sites ... can anyone recommend what to look for on the juniper site?
0
Comment
Question by:mwauki
  • 3
5 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40504591
What is the subnet mask of the 192.168.150.x network on the 2nd tunnel?
Also, do any firewall rules enter into this equation?
Third, can you pass any OTHER traffic over the problematic tunnel - like http or something?
Finally, are you able to watch counters for the tunnel and see traffic of any sort passing from the problem side?
0
 

Author Comment

by:mwauki
ID: 40505885
255.255.255.0

192.168.150.x has no firewall except the defaults... but still don't make sense y the duplicate tunnel works fine but not this one?

gonna try to pass http thru.   I can't see the ping coming from the other end on my logs on the Linksys.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40507719
Did you check the Windows Firewall settings on .160 (if those are Windows clients)?
And "tunnel up" isn't reliable - the tunnel might still be in failing negotiation.

The Juniper site is able to switch on specific logging for traffic, and should make use of that for troubleshooting. They might not have an inbound policy for that traffic.
0
 

Author Comment

by:mwauki
ID: 40515904
thank you all for you time and support... issue has been resolved.  the other end of the tunnel, the operator, said he dissected the firewall and noticed I was sending in a mask packet? lol.  all is good now
0
 

Author Closing Comment

by:mwauki
ID: 40728636
thanks for support
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question