IPsec can not ping site B
-
Greetings to All,
I've configured the IPsec
Jun 28 17:31:30 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 440 [ ]
Jun 28 17:31:30 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:31:35 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:31:35 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 441 [ ]
Jun 28 17:31:35 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 441 [ ]
Jun 28 17:31:35 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:31:40 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:31:40 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 442 [ ]
Jun 28 17:31:40 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 442 [ ]
Jun 28 17:31:40 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:31:45 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:31:45 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 443 [ ]
Jun 28 17:31:45 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 443 [ ]
Jun 28 17:31:45 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:31:50 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:31:50 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 444 [ ]
Jun 28 17:31:50 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 444 [ ]
Jun 28 17:31:50 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:31:55 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:31:55 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 445 [ ]
Jun 28 17:31:55 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 445 [ ]
Jun 28 17:31:55 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:32:00 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:32:00 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 446 [ ]
Jun 28 17:32:00 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 446 [ ]
Jun 28 17:32:00 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:32:05 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:32:05 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 447 [ ]
Jun 28 17:32:05 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 447 [ ]
Jun 28 17:32:05 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:32:10 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:32:10 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 448 [ ]
Jun 28 17:32:10 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 448 [ ]
Jun 28 17:32:10 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:32:15 charon 11[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:32:15 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 449 [ ]
Jun 28 17:32:15 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 449 [ ]
Jun 28 17:32:15 charon 11[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:32:20 charon 10[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:32:20 charon 10[ENC] <con1000|1> parsed INFORMATIONAL request 450 [ ]
Jun 28 17:32:20 charon 10[ENC] <con1000|1> generating INFORMATIONAL response 450 [ ]
Jun 28 17:32:20 charon 10[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:32:25 charon 10[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:32:25 charon 10[ENC] <con1000|1> parsed INFORMATIONAL request 451 [ ]
Jun 28 17:32:25 charon 10[ENC] <con1000|1> generating INFORMATIONAL response 451 [ ]
Jun 28 17:32:25 charon 10[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Jun 28 17:32:30 charon 10[NET] <con1000|1> received packet: from 1x.20x.9.2x[500] to 1xx.2x.1x.2x[500] (80 bytes)
Jun 28 17:32:30 charon 10[ENC] <con1000|1> parsed INFORMATIONAL request 452 [ ]
Jun 28 17:32:30 charon 10[ENC] <con1000|1> generating INFORMATIONAL response 452 [ ]
Jun 28 17:32:30 charon 10[NET] <con1000|1> sending packet: from 1xx.2x.1x.2x[500] to 1x.20x.9.2x[500] (80 bytes)
Interface of My LAN Subnet is 172.16.1xx.0/20
Interface of IPSEC : 192.168.xxx.xxx/30
In phase-2, I have added my LAN subnet in
Local Area Network : 172.16.1xx.0/20
NAT/BINAT translation: 192.168.xxx.xxx/30
When I try to ping 192.168.xxx.2/32, I'm unable to ping the network, nor am I able to trace that remote IP. IPsec status is showing connected but phase-2 shows 0 bytes in/out.
Rule in IPSEC:
Rule in LAN:
Do I need to add any other rule as well?
Regards
-
@scorpoin Try to change the LAN rule to "any any" to include icmp in your rule. Ping is icmp.
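Added example, not part of the original thread: a small Python parser for charon log lines in the format posted in the first message. It shows that a log consisting only of empty INFORMATIONAL request/response pairs is IKEv2 liveness checking on the IKE SA, so it confirms the "connected" status but says nothing about the 0-byte phase-2 counters; the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the charon format shown in the first post;
# the addresses are documentation ranges, not values from the thread.
SAMPLE = """\
Jun 28 17:31:35 charon 11[NET] <con1000|1> received packet: from 198.51.100.2[500] to 203.0.113.7[500] (80 bytes)
Jun 28 17:31:35 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 441 [ ]
Jun 28 17:31:35 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 441 [ ]
Jun 28 17:31:40 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 442 [ ]
Jun 28 17:31:40 charon 11[ENC] <con1000|1> generating INFORMATIONAL response 442 [ ]
Jun 28 17:31:45 charon 11[ENC] <con1000|1> parsed INFORMATIONAL request 443 [ ]
"""

ENC_LINE = re.compile(
    r"charon \d+\[ENC\] <(?P<conn>[^>]+)> (?P<verb>parsed|generating) "
    r"(?P<exchange>[A-Z_]+) (?P<kind>request|response) (?P<mid>\d+) "
    r"\[(?P<payloads>[^\]]*)\]"
)

def summarize(log_text):
    """Classify the IKE messages in a charon log, per connection."""
    report = defaultdict(lambda: {"exchanges": Counter(), "requests": set(),
                                  "responses": set(), "with_payload": 0})
    for line in log_text.splitlines():
        m = ENC_LINE.search(line)
        if not m:
            continue  # [NET] lines only carry addresses and packet sizes
        entry = report[m["conn"]]
        entry["exchanges"][m["exchange"]] += 1
        entry["requests" if m["kind"] == "request" else "responses"].add(int(m["mid"]))
        if m["payloads"].strip():
            entry["with_payload"] += 1  # e.g. "[ D ]" for a delete notification
    result = {}
    for conn, e in report.items():
        result[conn] = {
            # Empty INFORMATIONAL messages are IKEv2 liveness checks (DPD).
            "liveness_only": set(e["exchanges"]) == {"INFORMATIONAL"}
                             and e["with_payload"] == 0,
            "unanswered": sorted(e["requests"] - e["responses"]),
            "messages": sum(e["exchanges"].values()),
        }
    return result

if __name__ == "__main__":
    for conn, info in summarize(SAMPLE).items():
        print(conn, info)
```

When `liveness_only` is true, the cause of missing tunnel traffic has to be sought in the phase-2 selectors, NAT/BINAT settings and firewall rules rather than in this log.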
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.