Hi, Thanks for the reply. This makes very good sense for the windows machines behind the VPN, but the thrust of my work is to enable a VPN user to monitor a DVR video security system. It's a hardware device with no firewall software at all on it.
What I've learned since my original post is that the results are inconsistent. Sometimes when I connect, I can get to the device (ping, browser, etc), other times, I cannot ...Yet the device is still pingable via the Diagnostics page on the VPN Web Console. When I can ping it from my remote location, I can connect to it and view the cameras. When I cannot ping it, I cannot connect to it....confirming that when no ping...no other services available. When I can't get to the device, I look to see if I still have my SA's. And yes I do. So this is a bewildering problem....sigh. Suspicions: Netgear came out with a new firmware in August. ..so maybe I'll try putting that into the device today. My other slightly suspicious thing is the Shrewnet client as I've begun using the 2.1.7 beta for a few days now.. Regards, Mike -----Original Message----- From: Michal Wegrzyn <[email protected]> To: [email protected] Sent: Mon, Sep 6, 2010 3:07 am Subject: Re: [vpn-help] Can't ping some IP addresses behind VPN Hi Mike, Disable Firewall on devices and check pings. Default in Windows only respond on the same subnet while in VPN ModeConfig You have different subnet so Windowses drops Your packets. Regards, Michal ----- Original Message ----- From: [email protected] To: [email protected] Sent: Saturday, September 04, 2010 3:58 AM Subject: [vpn-help] Can't ping some IP addresses behind VPN Hi Matthew et. al, I have a Netgear FVS318G vpn router. I can connect to it using Shrew 2.1.6 (latest released version). Iked.log is attached. Once I make my connection, I can ping the VPN's local internal address on the remote network (192.168.1.1). I even confirm that https://192.168.1.1:8080 will render the VPN admin console. So this confirms that I'm really reaching the VPN on the remote LAN. I however, cannot ping devices that I know are running in the LAN beyond the gateway. It seems my packets are being dropped. I can confirm these target addresses are pingable using the Netgear VPN admin console diagnostics. (i.e. 192.168.1.7) In the VPN Trace utility, I see only two SA's (Mature ESP types). Both show positive traffic flow. Topology: VPN Local network side: 192.168.1.0/24 Mode Config address pool: 192.168.2.50 - 100 Local Lan: 10.0.0.0/24 I figure Matt, you'd want to know this for the Policy Tab. Policy Generation Level = Auto s:policy-list-include:192.168.1.0 / 255.255.255.0 Does my iked log give any hints? Thanks in advance, Mike _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help _______________________________________________ pn-help mailing list [email protected] ttp://lists.shrew.net/mailman/listinfo/vpn-help
_______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
