IPsec VPN on Balance 20 -- newbe


#1

Help. Newbe stuck. I’m trying to link two sites (both using Balance 20) together. I’m using IPsec VPN. The status of the IPsecVPN shows its connected (I think); 192.168.60.0/24 <-> 192.168.40.0/24 (with green lock)…

I assume at this point I can, from one site, ping a computer at the other site. But, I cannot.

What am I missing? static routes? Passthru? QOS. Policies? Magic joojoo?

Firmware version 5.3.12

Also, is it possible to do IPsec VPN when both sides are dynamic IP? (aggressive sounds like only one side can be dynamic)


#2

Hi,

Please consider to upgrade to the latest version 5.4.10 (Version 5) for us to further diagnose your issue. If the Balance 20 still under warranty, you may consider to upgrade to the latest firmware version 6.1.2 (Version 6) .

Aggressive mode is use when you have 1 or both peers having dynamic IP. Dynamic DNS Settings is required for such design.


#3

OK. Updated to 5.4.9 (I could not find 5.4.10 on the website!) on both sides.

Still no ping. IPsec VPN event log shows ‘connected’. Status shows ‘192.168.60.0/24 <-> 192.168.40.0/24’


#4

Hello,

Are there any firewall rules at all? Just to confirm you are pinging from a LAN client (PC) behind one of the Balances?
If the issue is still persistent, open a support ticket and a technical team member will be able to take a closer look.

http://cs.peplink.com/contact/support/


#5

Just the ‘any to any default’ firewall rules.

Yes, from a computer on the 192.168.40.xxx network, ping computer on the 192.168.60.xxx network. (and I can ping the 192.168.60.xxx computer on its local network).

I take it from your answer that, yes, the ping across the VPN should work at this point. No other settings are required.


#6

Hello,

Correct. I would also ensure that the Balances are on current firmware as well:
http://www.peplink.com/support/downloads/balance-firmware-and-user-manual-6-1-2/

Also, as stated before. If the issue is still persistent after the upgrade, open a support ticket.


#7

Peplink support went above and beyond to help me solve this… and, it wasn’t an issue with Peplink.

The solution was the Windows Firewall. By default, Windows 7 and 8 have ping (ICMP echo) disabled (XP, by default is enabled). Peplink IPsec VPN was working perfectly.

The correct verification process would be to first ping the remote router using a computer on the local network (you cannot ping thru a VPN using the Peplink router management). Then try pinging a computer (but first enable ICMP echo).

thanks again to Peplink support.
Roger