HPE Community
Comware Based
1753875 Members
7316 Online
108809 Solutions
New Discussion

MSR 2003 VPN not able to ping from devices in the LAN

 
PeoplesProjects
Occasional Advisor

‎10-01-2018 08:46 AM - edited ‎10-01-2018 09:03 AM

‎10-01-2018 08:46 AM - edited ‎10-01-2018 09:03 AM

MSR 2003 VPN not able to ping from devices in the LAN

hi,

i've created an Ipsec site-to-site VPN witch is working because i can ping computers and servers on the other site.

But when i try to ping from a computer to the other network it is not working at all.

so i think it must be in my routing or acl?

on R2 i use 

Interface G0/0 with the ip of 192.168.1.1/24

acl advanced 3101

 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.0.255

ip route-static 192.168.0.0 24 Tunnel0

 

interface Tunnel0 mode ipv4-ipv4

 ip address 1.1.1.1 255.255.255.252

 source GigabitEthernet0/1

 destination 81..x.x.x

 ipsec apply policy policy-R2

 

on R1

Interface G0/0 with IP 192.168.0.1/24

acl advanced 3101

 rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255

 ip route-static 192.168.1.0 24 Tunnel0

interface Tunnel0 mode ipv4-ipv4
ip address 1.1.1.2 255.255.255.252
source GigabitEthernet0/1
destination 81.x.x.110
ipsec apply policy policy-R2

 

I can ping on both sites from my routers:

<R2> ping 192.168.1.2
Ping 192.168.1.2 (192.168.1.2): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.1.2: icmp_seq=0 ttl=128 time=0.680 ms
56 bytes from 192.168.1.2: icmp_seq=1 ttl=128 time=0.556 ms
56 bytes from 192.168.1.2: icmp_seq=2 ttl=128 time=0.621 ms
56 bytes from 192.168.1.2: icmp_seq=3 ttl=128 time=0.556 ms
56 bytes from 192.168.1.2: icmp_seq=4 ttl=128 time=0.592 ms

--- Ping statistics for 192.168.1.2 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.556/0.601/0.680/0.046 ms
<R2>ping 192.168.0.254
Ping 192.168.0.254 (192.168.0.254): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.0.254: icmp_seq=0 ttl=127 time=17.275 ms
56 bytes from 192.168.0.254: icmp_seq=1 ttl=127 time=19.136 ms
56 bytes from 192.168.0.254: icmp_seq=2 ttl=127 time=19.166 ms
56 bytes from 192.168.0.254: icmp_seq=3 ttl=127 time=18.603 ms
56 bytes from 192.168.0.254: icmp_seq=4 ttl=127 time=15.124 ms

 but from my server to the other router:


Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Best regards,

Benny

0 Kudos
2 REPLIES 2
aybra
HPE Pro

‎10-09-2018 01:26 PM

‎10-09-2018 01:26 PM

Re: MSR 2003 VPN not able to ping from devices in the LAN

Hello Benny

can you please post the complete configurations so we can help you.

best regards

I am an HPE Employee

Accept or Kudo

0 Kudos
drk787
HPE Pro

‎10-09-2018 10:22 PM

‎10-09-2018 10:22 PM

Re: MSR 2003 VPN not able to ping from devices in the LAN

Hi,

Can you share the tracert output from the server/PC.

Thank You!
I am an HPE Employee

Accept or Kudo

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.