VPN Site to Site

Hi Everyone,

Good day and hope all is well.

This is just to ask for your ideas and thoughts.

I configured a site-to-site between two firewalls. We can ping between the local networks, but when trying to ping each other's public IP, we keep on encountering an unreachable state.

Is there a way for us to make ping work while Site-to-Site VPN is up?

Thank you so much.

Regards,

Dan Rave Romero

Category: Entry Level Firewalls
Answers

  • Arkwright All-Knowing Sage ✭✭✭✭

    Enable ping management on WAN interfaces.

    WAN>WAN access rules. Edit the automatically-created access rule for this if you do not want it to be pingable from everywhere.

  • Hi @Arkwright,

    Good morning and thank you for the reply.

    Ping management is already enabled and the WAN>WAN access rule is also set to allow.

    The ping issue only happens when the site-to-site is configured; without it, they can ping each other's public IP.

    Thank you so much.

    Regards,

    Dan Rave Romero

  • BWC Cybersecurity Overlord ✭✭✭

    @Rave_Romero12 if the ping only fails when the Tunnel is up, does the Tunnel Source/Destination Network include any of the involved Public IPs by any chance?

    --Michael@BWC

  • Hi Sir @BWC,

    Good afternoon Sir,

    Thank you for the time. I have an access rule which is LAN to VPN

    Source - LAN Subnet

    Destination - VPN Subnet.

    You mean, you want me to put the peer firewall's public address in the "VPN Subnet"?

    Thank you so much in advance.

    Regards,

    Dan Rave Romero

  • BWC Cybersecurity Overlord ✭✭✭
    edited June 2023

    Hi @Rave_Romero12 no, I meant in the VPN definition. Is any of the Public IPs defined either for Local or Remote Network?

    Did you fire up a Packet-Monitor to watch what happens to the packets?

    --Michael@BWC

  • Arkwright All-Knowing Sage ✭✭✭✭

    I can't think of any reason to put your WAN IPs in the VPN subnet. If you have them in there, that would explain why it stops working when the VPN is up.

  • Hi Sir @BWC and Sir @Arkwright,

    Good day Sirs,

    Thank you so much for the replies.

    Sir @BWC, no Sir. I didn't put any public IPs there. Only the local and remote networks are in there; the public IP of mine or the peer firewall is not included. I even tried to run a packet capture, but no related logs were found.

    Thank you so much in advance.

    Regards,

    Dan Rave Romero
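The check BWC and Arkwright describe above (does the tunnel's Local or Remote Network cover either firewall's public IP?), as an added Python example that is not part of the original thread and not SonicWall code. The address-object strings (host, CIDR, or `first-last` range), the dictionary layout and all IP values are constructed for illustration.

```python
import ipaddress


def parse_object(spec):
    """Expand one address object (host, CIDR or 'first-last' range) into networks."""
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        # summarize_address_range raises ValueError if last < first
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False accepts a host address written with a prefix, e.g. 10.0.0.5/24
    return [ipaddress.ip_network(spec, strict=False)]


def find_captured_wan_ips(tunnel, wan_ips):
    """Return (label, ip, side, object) for every WAN IP that a tunnel
    network definition covers. Traffic to such an IP matches the VPN
    policy instead of leaving through the WAN interface in the clear."""
    hits = []
    for label, ip in wan_ips.items():
        addr = ipaddress.ip_address(ip)
        for side in ("local", "remote"):
            for spec in tunnel[side]:
                if any(addr in net for net in parse_object(spec)):
                    hits.append((label, ip, side, spec))
    return hits


# Constructed sample data (documentation and private ranges only).
WAN_IPS = {"site A WAN": "203.0.113.10", "site B WAN": "198.51.100.7"}

CLEAN_TUNNEL = {"local": ["192.168.10.0/24"], "remote": ["192.168.20.0/24"]}

# A range object in the remote network group that happens to include site B's WAN IP.
OVERLAPPING_TUNNEL = {
    "local": ["192.168.10.0/24"],
    "remote": ["192.168.20.0/24", "198.51.100.0-198.51.100.15"],
}

# A "tunnel all" style definition covers every public address.
TUNNEL_ALL = {"local": ["192.168.10.0/24"], "remote": ["0.0.0.0/0"]}

if __name__ == "__main__":
    for name, tunnel in [("clean", CLEAN_TUNNEL),
                         ("overlapping", OVERLAPPING_TUNNEL),
                         ("tunnel-all", TUNNEL_ALL)]:
        hits = find_captured_wan_ips(tunnel, WAN_IPS)
        print(name, "->", hits or "no WAN IP inside the tunnel definition")
```

Run it against the address objects of both firewalls, since an overlap on either side is enough to change how the ping is handled.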
