No response to phase 2 requests; I clicked on “Open tunnel”, but nothing happens; The VPN tunnel is up but I can’t ping – Billion Electric Company CO1 User Manual


Billion BiGuard VPN Client

Chapter 5: Troubleshooting


No response to phase 2 requests

120348 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
120349 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
120351 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
120351 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]

Check algorithms and phase 2 identities (“Local address” and “Network address”). Some
settings must be mismatched between the VPN Client and the VPN gateway.
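The pattern in the log excerpt above (repeated phase 2 SEND entries for one SA with no reply) can be detected automatically. The following Python script is an added example, not part of the original manual or the BiGuard software; the "RECV" marker for inbound messages and the CnxVpn2 sample entries are assumptions made for illustration.

```python
import re

# Layout copied from the excerpt above. "RECV" as the marker for an inbound
# message is an assumption: the excerpt only contains SEND lines.
ENTRY_RE = re.compile(
    r"^(?P<stamp>\d+)\s+Default\s+\(SA\s+(?P<sa>[^)]+)\)\s+"
    r"(?P<direction>SEND|RECV)\s+phase\s+(?P<phase>[12])\b"
)

def join_wrapped(log_text):
    """Re-attach wrapped continuation lines such as '[ID] [ID]' to their entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if entries and not line[0].isdigit():
            entries[-1] += " " + line
        else:
            entries.append(line)
    return entries

def unanswered_phase2(log_text, threshold=3):
    """Return {SA name: trailing count of phase 2 SENDs that got no reply}."""
    streak = {}
    for entry in join_wrapped(log_text):
        m = ENTRY_RE.match(entry)
        if not m or m.group("phase") != "2":
            continue
        sa = m.group("sa")
        if m.group("direction") == "SEND":
            streak[sa] = streak.get(sa, 0) + 1
        else:
            streak[sa] = 0  # the gateway answered; retransmissions stopped
    return {sa: n for sa, n in streak.items() if n >= threshold}

# CnxVpn1 entries are the excerpt above; the CnxVpn2 entries are constructed.
SAMPLE_LOG = """\
120348 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE]
[ID] [ID]
120349 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE]
[ID] [ID]
120351 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE]
[ID] [ID]
120351 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE]
[ID] [ID]
120400 Default (SA CnxVpn2-CnxVpn2-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
120400 Default (SA CnxVpn2-CnxVpn2-P2) RECV phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
"""

if __name__ == "__main__":
    for sa, count in unanswered_phase2(SAMPLE_LOG).items():
        print(f"{sa}: {count} phase 2 requests, no reply; check algorithms and phase 2 identities")
```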

I clicked on “Open tunnel”, but nothing happens.


Read logs of each VPN tunnel endpoint. IKE requests can be dropped by firewalls. An IPSec
Client uses UDP port 500 and protocol ESP (protocol 50).

The VPN tunnel is up but I can’t ping!


If the VPN tunnel is up, but you still cannot ping the remote LAN, here are a few guidelines:
1. Check Phase 2 settings: VPN Client address and Remote LAN address. Usually, the VPN Client IP address should not belong to the remote LAN subnet.
2. Once the VPN tunnel is up, packets are sent with the ESP protocol. This protocol can be blocked by a firewall. Check that every device between the client and the VPN server accepts ESP.
3. Check your VPN server logs. Packets can be dropped by one of its firewall rules.
4. Check that your ISP supports ESP.
5. If you still cannot ping, follow ICMP traffic on the VPN server LAN interface and on the LAN computer interface (with Ethereal, for example). You will have an indication that encryption works.
6. Check the “default gateway” value in the VPN Server LAN. A target on your remote LAN can receive pings but does not answer because there is no “Default gateway” setting.
7. You cannot access the computers in the LAN by their name. You must specify their IP address inside the LAN.


We recommend installing Ethereal (http://www.ethereal.com) on one of your target computers.
You can then check that your pings arrive inside the LAN.













