Forum Discussion
TheDurb
Jul 21, 2016, Aspirant
Unable to navigate to LAN-WAN hosts when dialed into IPSec VPN
When dialed into an IPSec tunnel, users are not able to access WAN hosts within the same LAN such as our mail server and intranet. I believe I have a routing table issue, but I am not sure. No custo...
DaneA
Jul 26, 2016, NETGEAR Employee Retired
Hi TheDurb,
Here are my follow-up questions below:
a. Are you using a NETGEAR VPN Client software? If yes, is it the VPN Client Professional software or VPN Client Lite software?
b. What is the current version of the VPN Client software you are using?
c. Are you able to get replies when you ping the WAN hosts within the LAN while you are connected via VPN?
Regards,
DaneA
NETGEAR Community Team
TheDurb
Jul 26, 2016, Aspirant
Follow-up answers:
a. Are you using a NETGEAR VPN Client software? If yes, is it the VPN Client Professional software or VPN Client Lite software? I am not using Netgear Client software. I am using Shrew for Windows and the built in utility on Apple products, such as iOS. Both produce the same results.
b. What is the current version of the VPN Client software you are using? N/A
c. Are you able to get replies when you ping the WAN hosts within the LAN while you are connected via VPN? I am not. Whether I am on the VPN or physically attached to the LAN, all pings to the WAN hosts within fail. Traceroutes to the hosts stop at the gateway (the Netgear box). However, resolving those hosts always succeeds when I am physically on the LAN, just not via VPN.
- DaneA, Jul 26, 2016, NETGEAR Employee Retired
Hi TheDurb,
Kindly post a screenshot or an image of your detailed network setup.
Are you able to get replies when you ping the WAN1 gateway (whether you are connected via VPN or not)?
Regards,
DaneA
NETGEAR Community Team
- TheDurb, Jul 26, 2016, Aspirant
Hi, DaneA.
That is quite a tremendous amount of information to send. Is there a specific configuration you are interested in understanding? I have summarized some of the more detailed points of my config below. Answering your question regarding pings: no, when I use the full domain name on the LAN, WAN, or VPN, all pings stop at the gateway host.
I am only using WAN1 on the firewall. Settings are configured accordingly. All LAN clients share an outbound WAN IP with the firewall, even those that host inbound traffic on a different WAN IP. Those that host inbound traffic on a different WAN IP do so by way of Firewall Security rules that specify which Destination WAN traffic is routed to which LAN IP by policy. This works quite effectively. However, I still believe the inherited routing table is incorrect. The three WAN IP addresses in the routing table are pointing in the wrong direction. Those WAN IPs are not dedicated hosts within the LAN. The firewall is placing them in the routing table as if they reside within the LAN. It could be a bug in that I am using Security Policies to drive traffic from those three IPs exclusively.
- DaneA, Jul 27, 2016, NETGEAR Employee Retired
Hi TheDurb,
I believe a topology of your detailed network setup would help. I am not sure but it might be possible that when VPN is active, it creates a loop or possibly a problem with the MAC address table somewhere.
Regards,
DaneA
NETGEAR Community Team
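The thread never pins down why the VPN client's packets stop at the gateway, but the setup TheDurb describes (LAN servers published on extra WAN IPs through inbound rules, a routing table that lists those WAN IPs on the LAN side, and names that resolve to the public addresses) depends on two decisions a practitioner can check one at a time: whether the destination the client resolved falls inside the tunnel's traffic selector at all, and what the gateway's own route for that destination does with the packet. The script below is an added example, not code from the thread and not NETGEAR software; every address (RFC 5737 and RFC 1918 ranges), hostname, inbound rule and routing-table line is constructed to mirror the symptoms described, and the "hairpin NAT" and "host route points at LAN" verdicts are this example's model of the failure, not a confirmed diagnosis of the poster's device:

```python
"""Follow a VPN client's packet to a LAN server published on a public WAN IP.

Added example; not from the forum thread and not NETGEAR code. All addresses,
hostnames, rules and routing-table lines are constructed for illustration.
"""
import ipaddress
from typing import List, NamedTuple, Optional

LAN_NET = ipaddress.ip_network("192.168.1.0/24")          # assumed LAN subnet
WAN_IPS = {ipaddress.ip_address(a) for a in ("203.0.113.10", "203.0.113.11", "203.0.113.12")}

# Assumed inbound firewall rules: extra WAN IP -> LAN host that serves it.
INBOUND_RULES = {
    ipaddress.ip_address("203.0.113.10"): ipaddress.ip_address("192.168.1.10"),
    ipaddress.ip_address("203.0.113.11"): ipaddress.ip_address("192.168.1.11"),
}

# Constructed DNS views: PUBLIC_DNS is what a VPN client sees today,
# INTERNAL_DNS is a split-horizon view that answers with LAN addresses.
PUBLIC_DNS = {"mail.example.com": "203.0.113.10", "intranet.example.com": "203.0.113.11"}
INTERNAL_DNS = {"mail.example.com": "192.168.1.10", "intranet.example.com": "192.168.1.11"}

# Assumed IPsec phase-2 traffic selectors handed to the client.
SPLIT_TUNNEL = [LAN_NET]                               # LAN subnet only
FULL_TUNNEL = [ipaddress.ip_network("0.0.0.0/0")]      # everything through the gateway

# Constructed gateway routing table (netstat -rn layout). The three /32 entries
# on the LAN interface reproduce the "WAN IPs pointing at the LAN" symptom.
GATEWAY_ROUTES = """\
Destination     Gateway         Genmask         Flags Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG    wan1
203.0.113.0     0.0.0.0         255.255.255.0   U     wan1
203.0.113.10    0.0.0.0         255.255.255.255 UH    lan
203.0.113.11    0.0.0.0         255.255.255.255 UH    lan
203.0.113.12    0.0.0.0         255.255.255.255 UH    lan
192.168.1.0     0.0.0.0         255.255.255.0   U     lan
192.168.200.0   0.0.0.0         255.255.255.0   U     ipsec0
"""


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    iface: str


def parse_routes(text: str) -> List[Route]:
    """Parse netstat -rn style output; the header line is skipped."""
    routes = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        dest, gateway, mask, _flags, iface = fields[:5]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append(Route(net, ipaddress.ip_address(gateway), iface))
    return routes


def lookup(addr: ipaddress.IPv4Address, routes: List[Route]) -> Optional[Route]:
    """Longest-prefix match, the same choice the gateway's forwarder makes."""
    matches = [r for r in routes if addr in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen, default=None)


def diagnose(hostname: str, dns: dict, selectors: list, routes: List[Route]) -> dict:
    """Name the point at which a VPN client's packet to `hostname` stops."""
    addr = ipaddress.ip_address(dns[hostname])
    out = {"host": hostname, "resolved": str(addr)}
    if not any(addr in sel for sel in selectors):
        # Outside the tunnel selector: the client sends it over its own uplink.
        out["verdict"] = "bypasses-vpn"
        return out
    if addr in LAN_NET:
        out["verdict"] = "direct-lan"
        return out
    route = lookup(addr, routes)
    out["gateway_iface"] = route.iface if route else None
    if addr in WAN_IPS:
        target = INBOUND_RULES.get(addr)
        out["lan_target"] = str(target) if target else None
        if route is not None and route.iface == "lan":
            # Gateway would look for a public address on the LAN segment, where
            # no host owns it, so the packet dies there (traceroute stops).
            out["verdict"] = "host-route-points-at-lan"
        elif target is None:
            out["verdict"] = "no-inbound-rule"
        else:
            # Works only if the gateway translates its own public address for
            # internal/VPN clients (NAT loopback, also called hairpin NAT).
            out["verdict"] = "needs-hairpin-nat"
        return out
    out["verdict"] = "forwarded-to-wan1"
    return out


def report(dns: dict, selectors: list, table: str = GATEWAY_ROUTES) -> dict:
    """Verdict per hostname for one DNS view, selector set and routing table."""
    routes = parse_routes(table)
    return {h: diagnose(h, dns, selectors, routes)["verdict"] for h in dns}


if __name__ == "__main__":
    for label, dns, sel in (("public DNS, split tunnel", PUBLIC_DNS, SPLIT_TUNNEL),
                            ("public DNS, full tunnel", PUBLIC_DNS, FULL_TUNNEL),
                            ("internal DNS, split tunnel", INTERNAL_DNS, SPLIT_TUNNEL)):
        print(label, report(dns, sel))
```

Run against a real device, replace the constructed constants with the router's own routing table, the inbound rules and the answers `nslookup` returns from a VPN client; the interesting comparison is the same hostname under the public and the internal DNS view, since a name that resolves to a LAN address is reachable through the tunnel with no dependency on how the gateway treats its public addresses.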