hi ,my Problem :I connect my Notebook via VPN IPsec to my Netgear srx5308 !I use IKE + Policies ( no modeConfig ).The connecttion work fine but i cant ping any other PC and also it isnt possible to ping the SRX !WAN1 217.xxx.xxx.xxxVLan1192.168.1.0 / 255.255.255.0- SRX -> 192.168.1.1VLan 2192.168.21.0 / 255.255.255.0- PC1 -> 192.168.21.100- DS1812 -> 192.168.21.250VPN-Client SHREW ( and also Netgear Client , same Situation)- VPN-Client -> 172.xx.xx.2 (vodafone / iphone share )( Active IPsec SA(s) .. )( i can chnage it .. to self selcted IP 10.0.10.2 etc. but also no effect )Why i cant ping any other device !? any idea ... ?PS:more info SRX - VPN PoilciesTraffic Selection 192.168.1.1255.255.255.0Remote IP : ANYFQDN : remote.com

Read my LAN Subnets NOT to Use tutorial. Change traffic selector to .0 and try again. Just like a regular VPN, you need additional VPN policies for each additional LAN subnet.

hi ,i also try it with .0same result !if you use the wizard he fill it auto. with 192.168.1.1 ...but i wasnt sure its correct .. thats the reason why i also try it with .0 !any other idea !??and thx for the tip with ... single polic. for each VLan !!

Test with Internet connection other than iPhone. Your carrier may be blocking VPN. You have to test from outside of your LAN as well.

hmmm..ok , but it also dosent work with a client from landline !and i dont think that the carrier block VPN ...but i will check this also .. againbut today it will be not possible

PS:but the connection are working well !!!normaly the carrier maybe can block to build up a VPN !!but he cant block the connection to my internal ... network PCs!or iam wrong !?

Forum Discussion

xmaster2002

Aspirant

Jan 03, 2013

VPN IPsec work fine but i cant see any other PC

hi ,

my Problem :

I connect my Notebook via VPN IPsec to my Netgear srx5308 !
I use IKE + Policies ( no modeConfig ).

The connecttion work fine but i cant ping any other PC and also it isnt possible to ping the SRX !

WAN1 217.xxx.xxx.xxx

VLan1
192.168.1.0 / 255.255.255.0
- SRX -> 192.168.1.1

VLan 2
192.168.21.0 / 255.255.255.0
- PC1 -> 192.168.21.100
- DS1812 -> 192.168.21.250

VPN-Client SHREW ( and also Netgear Client , same Situation)
- VPN-Client -> 172.xx.xx.2 (vodafone / iphone share )
( Active IPsec SA(s) .. )
( i can chnage it .. to self selcted IP 10.0.10.2 etc. but also no effect )

Why i cant ping any other device !?
any idea ... ?

PS:
more info

SRX - VPN Poilcies
Traffic Selection
192.168.1.1
255.255.255.0

Remote IP : ANY
FQDN : remote.com

43 Replies

jmizoguchi
Virtuoso
Jan 09, 2013
VPN Polic.
192.168.0.0
255.155.0.0
ANY ( remote )

You made huge subnet which is okay.

You can make two tunnel for both 1.x and 21.x would more limited to only two subnets but it's your network..
xmaster2002
Aspirant
Jan 09, 2013
yes i know !

lets see ... i will change it or not !

but i think the most interesst thing for the people they read here ..
are the fix the problem or to help them to solve the problem !

later they can do it more "complicated" if they have a first success !

I also have to config. mobile VPNs for this ... and and and ...
but step by step ....

Now i am first happy that it works now and it it wasnt my misstake !
prim. it was a Router problem of shutdown and boot .. also the new firmeware helps to solve it !
jmizoguchi
Virtuoso
Jan 09, 2013
later they can do it more "complicated" if they have a first success !

it's not complicated deal just need to create additional policy but gain you only have two Lan subnet anyway so you do not have worried that much.

enjoy