As in the subject, I managed to make VPN Lan to Lan connection successfully but my laptop plugged in to the router cant ping any VPN IP addresses.

I can ping VPN addresses from the router but not from the laptop. Am I missing something in Lan configuration?

Hi TomTomTom,

Things to check:

1) Do you have any firewall rules active, that could be blocking the ping?

2) Are the LANs at each end different subnets, they shouldn’t be the same, if they are, either change one of them or tick the option at the bottom of the LAN-to-LAN config page (on the right side) that’s labelled “IPsec VPN with the Same Subnets”?

3) Are you pinging from your laptop by IP or by name to the remote node, use IP rather than name.

4) Is your laptop’s IP gateway setting pointing to your local end of the LAN-to-LAN, your local Vigor?

5) In the TCP/IP settings of the LAN-to-LAN configuration, have you set the remote and local network address, at each end, relevant to which end you’re setting up?

6) Choose the ‘Route’ option, rather than ‘NAT’ in the TCP/IP settings (right side of page); above the “IPsec VPN with the Same Subnets” setting.

7) Are the LANs you’re pinging, additional subnets at the remote location or at your local location, i.e. not LAN1 at either end, if so, you may need to add the additional subnets to the TCP/IP remote network subnets list at each end.


Try these and see if any work… …it would obviously be easier to see your config page (from each end) but I understand you may not want to post that online.

Thank you for your answer. I am thinking I must have some wrong with routing on the laptop.

This is a connection between Cisco and Drytek. I was given all the details and managed to get a reliable connection.
I can ping remote devices from Drytek but we can not ping anything from a local laptop that is connected to Drytek Lan.

It looks like below:
My Laptop (192.168.x.10)

---

> (192.168.x.1) Drytek (VPN Client)

---

> Remote Cisco VPN server (1x.4x.2x.0)

---

> Remote device (1x.4x.2x.61)

ping from (192.168.x.1) Drytek (VPN Client)

---

SUCCESSFUL

---

> Remote device (1x.4x.2x.61)

ping from My Laptop (192.168.x.10)

---

(192.168.x.1) Drytek (VPN Client)

---

NO PING

---

X

---

X

---

> Remote device (1x.4x.2x.61)

Any ideas? Do we need to add any route to the laptop?

Hi TomTomTom,

Ok, so your Draytek Router is aware of the connection to the 1*.4*.2*.0 network because it is directly connected to a device that is aware of that subnet. Your laptop on the other hand isn’t directly connected to that same 1*.4*.2*.0 aware device, it is first communicating with the Draytek router at your local end, which isn’t relaying to your laptop that it is now able to communicate with the 1*.4*.2*.0 remote network.

Normally, this remote network (subnet) would be entered into the “Remote Network” field at the bottom of your LAN-to-LAN configuration. This allows devices at your end, connected to your Draytek Router, to be informed that the remote subnet is contactable via the LAN-to-LAN connection, i.e. your local Draytek Router.

Likewise, at the other end, the 1*.4*.2*.0 network devices need to be informed of the existence of your 192.168.*.* network, so they can return the ping or simply establish a connection, themselves.

When you’re dealing with multiple subnets at each end, or even multiple subnets at just one end, you need to add these additional subnets to the LAN-to-LAN configuration at each end, so traffic can be routed from each end to the other, in both directions.

You’ll see at the very bottom of the LAN-to-LAN configuration page, the setting for adding additional subnets, these added subnets need to be the remote subnets, not the local subnets.

(The problem you appear to be having is your traffic is not being routed through the VPN link, from one end, or both.)


I hope that makes sense and helps you in some way.