hi ,my Problem :I connect my Notebook via VPN IPsec to my Netgear srx5308 !I use IKE + Policies ( no modeConfig ).The connecttion work fine but i cant ping any other PC and also it isnt possible to ping the SRX !WAN1 217.xxx.xxx.xxxVLan1192.168.1.0 / 255.255.255.0- SRX -> 192.168.1.1VLan 2192.168.21.0 / 255.255.255.0- PC1 -> 192.168.21.100- DS1812 -> 192.168.21.250VPN-Client SHREW ( and also Netgear Client , same Situation)- VPN-Client -> 172.xx.xx.2 (vodafone / iphone share )( Active IPsec SA(s) .. )( i can chnage it .. to self selcted IP 10.0.10.2 etc. but also no effect )Why i cant ping any other device !? any idea ... ?PS:more info SRX - VPN PoilciesTraffic Selection 192.168.1.1255.255.255.0Remote IP : ANYFQDN : remote.com

Read my LAN Subnets NOT to Use tutorial. Change traffic selector to .0 and try again. Just like a regular VPN, you need additional VPN policies for each additional LAN subnet.

hi ,i also try it with .0same result !if you use the wizard he fill it auto. with 192.168.1.1 ...but i wasnt sure its correct .. thats the reason why i also try it with .0 !any other idea !??and thx for the tip with ... single polic. for each VLan !!

Test with Internet connection other than iPhone. Your carrier may be blocking VPN. You have to test from outside of your LAN as well.

hmmm..ok , but it also dosent work with a client from landline !and i dont think that the carrier block VPN ...but i will check this also .. againbut today it will be not possible

PS:but the connection are working well !!!normaly the carrier maybe can block to build up a VPN !!but he cant block the connection to my internal ... network PCs!or iam wrong !?

VPN IPsec work fine but i cant see any other PC

43 Replies

jmizoguchi
Virtuoso
Jan 03, 2013
LAN ,WAN ping feature not need it VPN.

WAN ping will flood the router from any outsiders

Gateway for NAS is point to router?
xmaster2002
Aspirant
Jan 04, 2013
hi ...
any option here to post screeners !?
( plz dont tell me : use Skydrive or things like this ! ;) .. )
jmizoguchi
Virtuoso
Jan 04, 2013
Common way to post to use imageshack.us
xmaster2002
Aspirant
Jan 05, 2013
http://imageshack.us/g/1/9949716/

maybe this helps
jmizoguchi
Virtuoso
Jan 05, 2013
Mode config IP pool can NOT me same as you LAN subnet
xmaster2002
Aspirant
Jan 05, 2013
?? ModeConfig !?!?
i dont use ModeConfig !

i post IKE Polic. and VPN Polic. !
jmizoguchi
Virtuoso
Jan 05, 2013
Link showed 12 imageschack
xmaster2002
Aspirant
Jan 05, 2013
hmm .. i cant see any pic with ModeConfig !!!
i dont use it ! thats why normally it isnt possible that i post a ModeConfig screener !!!

PS:

mayb this helps also
Fri Jan 04 09:39:07 2013 (GMT +0100): [SRX5308] [IKE] INFO: IPsec-SA established: ESP/Tunnel
217.xxx.xx.xxx->109.xxx.xxx.xxx with spi=3320127859(0xc5e52173)
Fri Jan 04 09:39:07 2013 (GMT +0100): [SRX5308] [IKE] INFO: IPsec-SA established: ESP/Tunnel
109.xxx.xxx.xxx->217.xxx.xxx.xxx with spi=226577000(0xd814a68)
Fri Jan 04 09:39:07 2013 (GMT +0100): [SRX5308] [IKE] INFO: No policy found, generating the policy :
172.xxx.xxx.xxx/32[0] 192.168.21.0/24[0] proto=any dir=in
Fri Jan 04 09:39:07 2013 (GMT +0100): [SRX5308] [IKE] INFO: Using IPsec SA configuration:
192.168.21.0/24<->0.0.0.0/0 from remote.com
Fri Jan 04 09:39:07 2013 (GMT +0100): [SRX5308] [IKE] INFO: Responding to new phase 2
negotiation: 217.xxx.xxx.xxx[0]<=>109.xxx.xxx.xxx[0]
Fri Jan 04 09:39:07 2013 (GMT +0100): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify
payload[INITIAL-CONTACT]
Fri Jan 04 09:39:07 2013 (GMT +0100): [SRX5308] [IKE] INFO: ISAKMP-SA established for
217.xxx.xxx.xxx[500]-109.xxx.xxx.xxx[39120] with spi:5fc2131788210d2d:7d8804eeca0e4747
Fri Jan 04 09:39:06 2013 (GMT +0100): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Fri Jan 04 09:39:06 2013 (GMT +0100): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Fri Jan 04 09:39:06 2013 (GMT +0100): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Fri Jan 04 09:39:06 2013 (GMT +0100): [SRX5308] [IKE] INFO: Received Vendor ID: DPD
Fri Jan 04 09:39:06 2013 (GMT +0100): [SRX5308] [IKE] INFO: Received Vendor ID: DPD
Fri Jan 04 09:39:06 2013 (GMT +0100): [SRX5308] [IKE] INFO: Received unknown Vendor ID
jmizoguchi
Virtuoso
Jan 05, 2013
I was on my iPad so possible not showing what you posted.

It will be a whe to use PC but NAS has correct gateway ip?

I'm going to assume that

VPN policy is like
Ex.
Local 192.168.70.0/255.255.255.0
Remote Any
xmaster2002
Aspirant
Jan 05, 2013
See ... The NAS are current not so important !
The most important thing are current that i am able to ping anything ...
First what i want are to ping the SXR 192.168.1.1 ... Than i am happy !
2. Step are to ping the NAS with ip 192.168.21.250

In case that it,must be i can change the ips but normally
I want that the SRX will use the 192.168.1.1

3. Step are to ping the ip 192.168.1.100

Curreny i have a stable VPN connection and all looks good but 0 chancr to reach anything with the VPN !

And i cant finde the,misstake why i am not able to ping the srx i thing normally all are fine for this min. Setup !
I cant understanf it !!!!

Send from my Lumia920

Forum Discussion

VPN IPsec work fine but i cant see any other PC

43 Replies

Related Content

ReadyCloud dont work in chrome

IPSEC VPN Client 5.1 not working

WC9500 Discovery doesn't work

Getting SRX5308 VPN IPSec to work with Android (when using DynDNS)

Wifi schedule (off overnight) option not working via Insight (works in local)

NETGEAR Academy

ProSupport for Business