This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site 2 Site

Is it possible on the firewall itself to ping the remote internal ip addresses of the other vpn site? It doesnt seem to work.. or am I doing something wrong..

PING 192.168.0.26 (192.168.0.26) from 24.33.12.165 : 56(84) bytes of data.

I notice it says "From" and has the external IP address??

This thread was automatically locked due to age.

Parents

0 ReD-MaN over 20 years ago

The FW wont be able to unless you create a host2net vpn for the firewall. The firewall is doing this because it does not know how to get to the site you are trying to ping and it is sending it out it's default gw.
Cancel
Vote Up 0 Vote Down

Cancel
0 System-Z over 20 years ago in reply to ReD-MaN

i have a net2net right now........ Well, basically I'm trying to setup LDAP authenication and the remote firewall doesnt know how to find its way here............ any ideas? I guess i could nat out port 389 to the external IP... I hate to do that tho..
Cancel
Vote Up 0 Vote Down

Cancel
0 ReD-MaN over 20 years ago in reply to System-Z

Create a host2net vpn then. Then the remote firewall could find it's way. [:)]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ReD-MaN over 20 years ago in reply to System-Z

Create a host2net vpn then. Then the remote firewall could find it's way. [:)]
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Xeno over 20 years ago in reply to ReD-MaN

You need to set the source IP of the ping with option -I. If do not set the source, the ping has a source address which is not in the VPN subnet definiton. So it would not route back through the tunnel.

ping -I 192.168.1.1 192.168.2.1

192.168.1.1: IP of the internal interface of ASL (which is inside the tunnel subnet definition)

192.168.2.1: remote interface of ASL or a host (which are inside the tunnel subnet definition).

Xeno
Cancel
Vote Up 0 Vote Down

Cancel