IPSEC tunnel up, but can't ping from LAN
-
I have an IPsec tunnel up and running.
I can ping any host on the other side of the tunnel, e.g. 10.1.22.250, ONLY FROM the pfSense shell. However, I can't ping 10.1.22.250 from any host on my LAN, which is odd as pfSense is our only gateway and router. All other hosts on my LAN can be pinged from any host as well as from the router shell.
I'm perplexed. How can this be possible when my gateway is pfSense?
-
Please fill in a bit more about your network?!
Is it LAN<=>LAN or mobile client accessing with IPsec VPN?
Is it PCs? Windows XP/Vista/7? Is Windows firewall on or disabled?
-
It's site to site (lan to lan).
Firewall is disabled on all hosts (a mix of Linux, XP and Windows 7 all showing identical behavior).
Where this is a little unusual is that instead of putting our subnet in the tunnel, I'm using our external IP. That alone could be causing fun NAT and rules issues, but what perplexes me the most is that the tunnel works great from the router shell itself (can ping everything on the other side of the tunnel).
I would think that since the tunnel works at the router, I should be able to create some type of a route from my LAN to the router and out to the tunnel (and back). So far, not so good.
Attached is a screenshot of the IPsec setup…
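Added illustration (not written by anyone in this thread): a small Python model of how an IPsec phase-2 selector decides whether a packet is tunneled. It uses the remote host 10.1.22.250 from the post above; the pfSense WAN address (203.0.113.10), the LAN subnet (192.168.1.0/24) and the remote subnet (10.1.22.0/24) are constructed placeholders, since the thread doesn't give them. It assumes a ping run on pfSense itself leaves with the WAN address as source, and that any NAT is applied before the selector lookup.

```python
"""Model of an IPsec phase-2 (SPD) selector check.

A packet is only handed to the tunnel when its source falls inside the
*local* selector AND its destination falls inside the *remote* selector.
All addresses except 10.1.22.250 are constructed for illustration.
"""
from ipaddress import ip_address, ip_network

WAN_IP = ip_network("203.0.113.10/32")   # placeholder pfSense "external IP"
LAN_NET = ip_network("192.168.1.0/24")    # placeholder LAN behind pfSense
REMOTE_NET = ip_network("10.1.22.0/24")   # constructed; contains 10.1.22.250
REMOTE_HOST = "10.1.22.250"               # host from the thread


def selector_matches(local_sel, remote_sel, src, dst):
    """True when src is in the local selector and dst in the remote one."""
    return ip_address(src) in local_sel and ip_address(dst) in remote_sel


def classify(local_sel, remote_sel, src, dst, nat_to=None):
    """Return ('tunnel', effective_src) or ('no-match', effective_src).

    nat_to models an outbound NAT rewriting LAN sources *before* the
    selector lookup.  Without it, a LAN-sourced packet can never match a
    /32 local selector that holds only the WAN address.
    """
    eff_src = src
    if nat_to is not None and ip_address(src) in LAN_NET:
        eff_src = nat_to
    if selector_matches(local_sel, remote_sel, eff_src, dst):
        return ("tunnel", eff_src)
    return ("no-match", eff_src)


def scenarios():
    """Compare the thread's setup (local = WAN IP) with local = LAN subnet."""
    shell_src = "203.0.113.10"   # ping issued on pfSense: source is the WAN IP
    lan_src = "192.168.1.50"     # constructed LAN host
    return {
        # phase 2 local selector = external IP (as the poster configured it)
        "wan-selector/shell": classify(WAN_IP, REMOTE_NET, shell_src, REMOTE_HOST)[0],
        "wan-selector/lan-host": classify(WAN_IP, REMOTE_NET, lan_src, REMOTE_HOST)[0],
        "wan-selector/lan-host+nat": classify(
            WAN_IP, REMOTE_NET, lan_src, REMOTE_HOST, nat_to="203.0.113.10")[0],
        # phase 2 local selector = the LAN subnet
        "lan-selector/lan-host": classify(LAN_NET, REMOTE_NET, lan_src, REMOTE_HOST)[0],
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:28s} -> {verdict}")
```

Reading the output side by side: with the external IP as the local selector, only traffic sourced from that address (the router's own ping) matches, which is exactly the "works from the shell, not from the LAN" symptom; LAN traffic matches either when the selector is the LAN subnet or when it is NATed to the WAN address before the selector is evaluated.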
-
I had some similar behavior recently… I found the rule going from one VPN LAN to another needs to have the gateway set to "default", otherwise I can ping from pfSense but not from a host.