Cannot ping devices over a VPN using a Fortigate and Draytek

Hi, I have a Draytek Vigor 2760 and a Fortigate 60c. I have set up a site-to-site VPN and can ping the server, but I cannot ping anything within the business network.

Main office
Fortigate 60c on 10.129.1.0, 255.255.255.192
Windows 2008 server

Remote office
Draytek vigor 2760 on 192.168.2.0, 255.255.255.0

As mentioned, I have a VPN connecting the site and can ping the server, even access the folder shares from the remote office.
What I cannot do is ping the NVR unit or NAS unit.
I've checked over numerous policies, gone through the instructions I've found in various places with a fine-tooth comb and still can't breach this issue.

Just after another direction to help me look in.
total123 Asked:
Hemil Aquino, Network Engineer, Commented:
Is the VPN site to site or client to gateway?

If you can ping each site's subnet, such as the default gateway and server, that means your VPN has established a connection.
Now, you say you can't ping the NAS, correct? I suggest the following:

1- Check your NVR unit, make sure your device is getting the right IP address.
2- If you have a Cisco switch, make sure the port is enabled and has connectivity.
3- Ping the NVR locally and make sure you have a reply.

Last but not least, make sure both VPNs are negotiating the same authentication and encryption method.
Let me know how it goes!
0
Rob Williams Commented:
Is the VPN router the default gateway for the problematic devices? If not, they will need a static route added to define the return path for the ping. Often on NAS units and printers people forget to add a gateway, as it is not necessary within the LAN.
0
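
The return-path check Rob Williams describes, as an added example that is not part of the original thread: it models the routing decision each LAN device makes for an echo reply to the remote office. The two subnets come from the question; the host addresses, the Fortigate LAN address 10.129.1.1, the second gateway 10.129.1.62 and the device names are assumptions.

```python
import ipaddress

# Assumed LAN address of the VPN router (the Fortigate) at the main office.
VPN_ROUTER = ipaddress.ip_address("10.129.1.1")

def next_hop(iface, gateway, static_routes, dest):
    """Where a host sends a packet for dest: 'on-link', a router address, or None.

    iface: host address with mask, e.g. "10.129.1.20/26"
    gateway: default gateway address, or None if the field was left empty
    static_routes: list of (network, via) strings configured on the host
    """
    dest = ipaddress.ip_address(dest)
    local = ipaddress.ip_interface(iface)
    routes = [(local.network, "on-link")]
    routes += [(ipaddress.ip_network(n), ipaddress.ip_address(v))
               for n, v in static_routes]
    if gateway:
        routes.append((ipaddress.ip_network("0.0.0.0/0"),
                       ipaddress.ip_address(gateway)))
    matches = [(net, via) for net, via in routes if dest in net]
    if not matches:
        return None  # no route: the echo reply is never sent
    _, via = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
    if via != "on-link" and via not in local.network:
        return None  # a next hop outside the host's own subnet is unusable
    return via

def reply_reaches_tunnel(iface, gateway, static_routes, pinger):
    """True if the echo reply to pinger is handed to the VPN router."""
    return next_hop(iface, gateway, static_routes, pinger) == VPN_ROUTER

# Constructed device configurations on 10.129.1.0/26 (main office).
HOSTS = {
    "server":            ("10.129.1.10/26", "10.129.1.1", []),
    "nas-no-gateway":    ("10.129.1.20/26", None, []),
    "nvr-other-gateway": ("10.129.1.21/26", "10.129.1.62", []),
    "nvr-static-route":  ("10.129.1.21/26", "10.129.1.62",
                          [("192.168.2.0/24", "10.129.1.1")]),
}

def check_all(pinger="192.168.2.50"):
    """Evaluate every sample host for a ping from the remote office."""
    return {name: reply_reaches_tunnel(*cfg, pinger)
            for name, cfg in HOSTS.items()}

if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name:18} reply returns via VPN router: {ok}")
```

A device with an empty gateway field still answers pings from its own subnet, which is why it looks healthy from inside the LAN.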
Fred Marshall, Principal, Commented:
I will assume site-to-site VPN as you said Draytek and Fortigate.

You didn't say if you're pinging the IP address or the device name.  It matters.  In a simple set of networks you would have to allow NetBIOS traffic to ping by name.

You should be able to ping the IP address without doing much of anything - as long as the device being pinged will allow itself to respond to any ping request.
But, the Windows Firewall File and Printer Sharing rules include the Echo Response rules, i.e. Ping.
So, you have to allow Echo Response requests on the Incoming rules.
Also, you have to expand the Remote Address in that rule to include the remote subnet addresses.
0
total123 (Author) Commented:
The default gateway was indeed the issue.
Many thanks.
0
Question has a verified solution.