Balance 20 to Azure ipsec vpn routing issue

I have the tunnel with my Azure VPN gateway connected and can ping across to the IP address assigned to the LAN side of my router, but I cannot ping the on-premises network gateway from Azure. In tools on the Peplink, I can ping from the LAN to the gateway address.

When I attempt to ping from Azure to the gateway, I see the packet accepted, but the Balance 20 doesn't route it through.
[74329.117042] Firewall: Allowed CONN=WAN1 MAC=10:56:ca:11:b2:7d:00:c1:64:73:9f:67:08:00 SRC=10.55.56.4 DST=10.42.60.161 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=51981 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=381 MARK=0x9

I have attempted a static route, inbound and outbound policies and access rules with no effect.

A little diagraming and description of the subnets and players would help.

Once I get down to routing this odd, I almost always need to use packet captures to find where the packets are getting lost.

I haven't run an IPsec VPN for about a year (switched to SpeedFusion), but once the endpoints negotiated it was pretty straightforward.

Your IPsec is set to "policy based", right? And all of the networks are selected in local and remote networks. No NAT.

In this implementation, I need the traffic coming from Azure (10.55.56.54) to NAT to the IP address of the Balance 20 (10.42.60.164). The service I'm attempting to communicate with requires that traffic originate from that .164 address.

This is the gateway config on Azure

and this is what I have on the Balance 20

I hate debugging these sorts of things non-real-time. Can you ping from 10.42.60.164 to 10.55.56.54?

I know you said there were a lot of successful pings, but you didn’t list it by IP.

I would packet capture on the WAN, just to see if there was a reply packet via IPsec... or not. If not, you are going to have to open a ticket; it is something internal to the Peplink.

The firewall log implies that the packet gets to the Balance... does the Balance send it back? The WAN pcap would confirm/deny that.

If it does not send that reply, then you are going to have to open a ticket; it is something internal to the Peplink.
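The question raised above, whether the Balance ever sends an echo reply back for the request it logged as allowed, can be answered mechanically when you have a firewall log or pcap export covering both directions. The following Python script is an added example and not part of the thread or of any Peplink tool: it parses lines in the kernel-style format quoted in the original post (note that `ID=` appears twice, once for the IP header and once for the ICMP echo identifier, so a naive key/value parse silently overwrites the first) and reports echo requests that never got a matching reply. The sample log is constructed: the first line is the one quoted in the thread, the reply line and the second request are made up to show one answered and one unanswered probe.

```python
import re

# Constructed sample log. Line 1 is the log line quoted in the thread; the
# echo reply (TYPE=0) for SEQ=381 and the second request SEQ=382 are made up
# in the same format, so that one probe is answered and one is not.
SAMPLE_LOG = """\
[74329.117042] Firewall: Allowed CONN=WAN1 MAC=10:56:ca:11:b2:7d:00:c1:64:73:9f:67:08:00 SRC=10.55.56.4 DST=10.42.60.161 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=51981 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=381 MARK=0x9
[74329.118001] Firewall: Allowed CONN=LAN MAC=00:c1:64:73:9f:67:10:56:ca:11:b2:7d:08:00 SRC=10.42.60.161 DST=10.55.56.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2201 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=381 MARK=0x9
[74330.120055] Firewall: Allowed CONN=WAN1 MAC=10:56:ca:11:b2:7d:00:c1:64:73:9f:67:08:00 SRC=10.55.56.4 DST=10.42.60.161 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=51982 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=382 MARK=0x9
"""

# "[<uptime>] Firewall: <verdict> KEY=VAL KEY=VAL ..."
LINE_RE = re.compile(r"^\[(?P<ts>[\d.]+)\]\s+Firewall:\s+(?P<verdict>\w+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one firewall log line into a dict, or return None if it does not match.

    The key/value section carries ID= twice: the IP header ID first, then the
    ICMP echo identifier after PROTO=ICMP. Values are walked in order and the
    second ID is stored as ICMP_ID so neither is lost.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": float(m.group("ts")), "verdict": m.group("verdict")}
    seen_proto = False
    for key, val in KV_RE.findall(m.group("rest")):
        if key == "PROTO":
            seen_proto = True
        if key == "ID" and seen_proto:
            key = "ICMP_ID"
        rec[key] = val
    return rec


def unanswered_echo_requests(log_text):
    """Return (src, dst, icmp_id, seq) for every echo request (TYPE=8) that has
    no echo reply (TYPE=0) with the same ICMP_ID/SEQ flowing the opposite way.
    """
    requests = {}
    replies = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("PROTO") != "ICMP":
            continue
        key = (rec["SRC"], rec["DST"], rec["ICMP_ID"], rec["SEQ"])
        if rec["TYPE"] == "8":
            requests[key] = rec
        elif rec["TYPE"] == "0":
            # A reply travels back from the original DST to the original SRC,
            # so swap the addresses to get the key of the request it answers.
            replies.add((rec["DST"], rec["SRC"], rec["ICMP_ID"], rec["SEQ"]))
    return [k for k in requests if k not in replies]


if __name__ == "__main__":
    for src, dst, icmp_id, seq in unanswered_echo_requests(SAMPLE_LOG):
        print(f"no reply seen for echo {src} -> {dst} id={icmp_id} seq={seq}")
```

Run against a real log, an empty result means the Balance is answering on the LAN side and the loss is on the return path through the tunnel (so the WAN-side capture suggested above is the next step); a non-empty result narrows the problem to the router itself, which is the case where a support ticket is the right move.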