IPSec VPN - ping from local network to remote site request timed out

I have established an IPSec connection over the internet, and I try to ping a remote host from my side (branch).

The ping request times out.

I have 2 rules, from local to VPN and from VPN to local, but I am still unable to ping the remote network.



  • console> tcpdump 'host 10.201.0.11 and proto ICMP'
    tcpdump: Starting Packet Dump
    09:38:33.565329 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6920, length 40
    09:38:38.564948 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6921, length 40
    09:38:43.564193 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6922, length 40
    09:38:48.565124 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6923, length 40
    09:38:53.562339 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6924, length 40
    09:38:58.564700 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6925, length 40
    09:39:03.564356 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6926, length 40
    09:39:08.563259 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6927, length 40
    09:39:13.565121 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 6928, length 40
    ^C
    9 packets captured
    12 packets received by filter
    0 packets dropped by kernel

    192.168.1.43 local network

    10.201.0.11 remote server 

  • Thanks Amr.

    Use traceroute to understand where the traffic is going. I guess you have an asymmetric routing issue.

  • Do I need to add a static route for the local network and the remote network?

    And how do I traceroute from the local network to the remote one on Sophos?

    tracert 10.201.0.11

    Tracing route to 10.201.0.11 over a maximum of 30 hops

    1 <1 ms <1 ms <1 ms 192.168.1.1
    2 * * * Request timed out.
    3 65 ms 66 ms 65 ms 10.201.0.11

    Trace complete.

    Port1
    ipsec0
    IPv4
    192.168.1.43
    10.201.0.11
    ICMP
    --
    2
    Forwarded
     
    No Policy
    No Policy
    No Policy
    M2-Security
    No Policy
    No Policy
    512
    4047276480
    0
    UNREPLIED
     
    No Category
    0
    No Application
    No Category
    amr.ahmed
    2017-08-29 10:08:04
    Port1
     
    IPv4
    192.168.1.43
    10.201.0.11
    ICMP
    --
    0
    Incoming
     
    No Policy
    No Policy
    No Policy
    -
    No Policy
    No Policy
    No Gateway
    0
    0
    UNREPLIED
     
    No Category
    0
    No Application
    No Category
    -
  • Hi Amr,

    Please provide us the same packet capture from the remote end with the same packets. It would seem your local network is on Port 1 and your request went out to Port 1. Could you take a tcpdump of the packet:

    tcpdump 'host 10.201.0.11'

    From LAN to VPN, NAT should not be applied, you may apply NAT for VPN to LAN rule. But it's your choice.

    I suspect the ping did not respond due to the firewall of the system of the destination address. Try disabling it and check if it responds with the reply.
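
Added example, not part of the thread and not Sophos code: a small parser for console `tcpdump` lines in the format pasted above that reports, for each echo request, the furthest point it was seen at on the local firewall, which is what the advice to capture on both sides is trying to establish. The interface names `Port1` and `ipsec0` come from the thread; the `OUT` direction label, the stage names and the sample capture are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Line shape copied from the capture in the thread. The "OUT" direction label
# and a capture that also covers ipsec0 are assumptions.
LINE = re.compile(
    r"\s*\d\d:\d\d:\d\d\.\d+ (?P<ifc>\S+), (?P<dir>IN|OUT): IP "
    r"[\d.]+ > [\d.]+: ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)
# Points an echo passes on the local firewall, in order (names are illustrative).
STAGES = ["request IN lan", "request OUT tunnel", "reply IN tunnel", "reply OUT lan"]

def trace_pings(text, lan_if="Port1", tunnel_if="ipsec0"):
    """Map each (id, seq) to the set of stages at which it was captured."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line)
        side = {lan_if: "lan", tunnel_if: "tunnel"}.get(m["ifc"]) if m else None
        if side:
            seen[(int(m["id"]), int(m["seq"]))].add(f"{m['kind']} {m['dir']} {side}")
    return dict(seen)

def last_stage(stages):
    """Furthest stage reached with no earlier stage missing, else None."""
    reached = None
    for stage in STAGES:
        if stage not in stages:
            break
        reached = stage
    return reached

def summarize(text, **interfaces):
    """Count echo requests by the furthest stage each one reached."""
    counts = defaultdict(int)
    for stages in trace_pings(text, **interfaces).values():
        counts[last_stage(stages)] += 1
    return dict(counts)

# Constructed sample: seq 1 completes, seq 2 enters the tunnel and is never
# answered, seq 3 is seen only on the LAN port (the pattern in the thread).
SAMPLE = """\
10:00:00.000100 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 1, length 40
10:00:00.000200 ipsec0, OUT: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 1, length 40
10:00:00.065300 ipsec0, IN: IP 10.201.0.11 > 192.168.1.43: ICMP echo reply, id 1, seq 1, length 40
10:00:00.065400 Port1, OUT: IP 10.201.0.11 > 192.168.1.43: ICMP echo reply, id 1, seq 1, length 40
10:00:05.000100 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 2, length 40
10:00:05.000200 ipsec0, OUT: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 2, length 40
10:00:10.000100 Port1, IN: IP 192.168.1.43 > 10.201.0.11: ICMP echo request, id 1, seq 3, length 40
"""
```

`summarize(capture_text)` returns a count per stage: requests that stop at "request IN lan" never left through the tunnel interface, while requests that stop at "request OUT tunnel" point at the remote firewall, the remote host or the return path.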