Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Able to connect to VPN but can't ping anything inside network
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2020-09-02
08:47 AM
2020-09-02
08:47 AM
Able to connect to VPN but can't ping anything inside network
Below is the connection log.
I am trying to ping IP addresses on the internal network of the VPN and getting ICMP request timeouts on every host I try to hit (I know for sure that ICMP is permitted on the hosts I'm attempting to hit).
Any ideas?
Wed Sep 02 10:42:33 2020 (GMT -0500): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 24.51.177.114->73.79.234.204 with spi=116720789(0x6f50495) Wed Sep 02 10:42:33 2020 (GMT -0500): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 73.79.234.204->24.51.177.114 with spi=142200531(0x879ced3) Wed Sep 02 10:42:33 2020 (GMT -0500): [SRX5308] [IKE] INFO: No policy found, generating the policy : 192.168.1.247/32[0] 192.168.0.0/24[0] proto=any dir=in Wed Sep 02 10:42:33 2020 (GMT -0500): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.0.0/16<->0.0.0.0/0 from srx_remote2.com Wed Sep 02 10:42:33 2020 (GMT -0500): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.51.177.114[0]<=>73.79.234.204[0] Wed Sep 02 10:42:33 2020 (GMT -0500): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT] Wed Sep 02 10:42:33 2020 (GMT -0500): [SRX5308] [IKE] INFO: ISAKMP-SA established for 24.51.177.114[500]-73.79.234.204[14048] with spi:60c99e25c56ddb48:3b5d967413fe82e5 Wed Sep 02 10:42:32 2020 (GMT -0500): [SRX5308] [IKE] INFO: Received Vendor ID: DPD Wed Sep 02 10:42:32 2020 (GMT -0500): [SRX5308] [IKE] INFO: Received unknown Vendor ID Wed Sep 02 10:42:32 2020 (GMT -0500): [SRX5308] [IKE] INFO: Beginning Aggressive mode. Wed Sep 02 10:42:32 2020 (GMT -0500): [SRX5308] [IKE] INFO: Received request for new phase 1 negotiation: 24.51.177.114[500]<=>73.79.234.204[14048] Wed Sep 02 10:42:32 2020 (GMT -0500): [SRX5308] [IKE] INFO: Remote configuration for identifier "srx_remote2.com" found
Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 2
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2020-09-15
12:46 PM
2020-09-15
12:46 PM
Re: Able to connect to VPN but can't ping anything inside network
Hi tgfisher,
Welcome to our community! 🙂
It seems that you are having issues with the VPN connection of your SRX5308. Is this a site-to-site or a client-to-box VPN? May I know what is the LAN address of both sites? Please also share a screenshot of your configuration.
Regards,
John
NETGEAR Community Team
Message 2 of 2