Problems with traffic in VPN tunnel
-
We have a LAN HQ in Mexico, connected by VPN with Italy and with another LAN “Mexico 2”.
The parameters of the VPNS are correct and in fact, the tunnels are open and operating well. We see “Active” status in both of them.
However, we only have traffic between LAN HQ and Italy through the VPN, that is: any LAN node in Italy can see the others in HQ and vice versa. For example, using ping or logging into.
Also, the VPN between HQ and Mexico 2 is active and up, but the devices in its segments do not reach the others. That is: if from the network 192.168.15.0 a ping is sent to a computer like 192.168.16.20 in the other side of the VPN, there is no traffic in any direction.
The pings with the LAN of Italy (192.168.0.0/24) do work without problem.
How could we solve this case? What futher information can I send in order to diagnose?
Regards
JCGA. -
@Juan-Carlos-Gtz
Hey
Check the rules on the interface IPSEC Mex 2 . It is possible that they block traffic (by default, all traffic is blocked).At a minimum, an allow all rule (Pass protocol any, src host any, dst host any) is needed.
Or show the rules- IPSEC MEX 2
- LAN HQ MEX
If there are problems with the access from the network LAN MEX2 to the network LAN HQ MEX, the still show rules - LAN MEX 2
- IPSEC HQ MEX
-
Hello and thanks for your help.
Rules are: rules
As you can see, they are very basic jus for doing tests, and they allow traffic in LAN, WAN and IPsec interfaces.
What changes shoud we do in order to verify if traffis is passind between HQ and MEX2 ?
Thanks in advance,
Juan Gutierrez.
-
@Juan-Carlos-Gtz
Hey
You're only allowed TCP on the interface IPSEC Mex 2. Other protocols are prohibited. In order to use ping you need to enable ICMP.