- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Site to Site VPN is up between two SonicWall appliances but can only ping the LAN Interface IP
12/20/2019 
64 People found this article helpful
105,843 Views
Description
A Site to Site VPN is running between two SonicWall firewall (UTM) appliances with a valid configuration. From the Main Site, a user can ping any thing behind the Remote Site, but, from the Remote Site, a user can ping only the LAN Interface IP address of the SonicWall at the Main Site. The user always observes a Request Timed Out or IP Address Not Responding condition when trying to ping any machine located behind the SonicWall appliance at the Main Site.
Resolution
- Ensure that we have properly assigned the address object with Zone Assignment as : VPN for the objects representing the LAN Network of the Main Site in the Destination Network of the SA policy created on the Remote Site.
- Check the Log entries on the Main Site for any indicating that the ping request from the remote site was blocked by the IPS Category named ICMP. In this case, everything works (RDP, Accessing any Specific Application, etc.) except Ping to the subnet which resides behind the main site. The log entry may look like the following.
If this log entry exists, follow this step
- Disable the particular Signature (Security Services | Intrusion Prevention page) indicated in the log entry or add the indicated IP address to the Exclusion list for the IPS Category named ICMP.
- Ensure you have not created any Static Route Policy on the Remote Site with the destination network defined as the subnet behind the Main Site and the Gateway selected as the LAN Interface IP or the default gateway. It is not necessary to create any static route policy on the SonicWall when we configure VPN between two devices, as the firewall Access rule and the Route Policy is automatically established.
- Make sure no firewall Access Rule(s) exist denying the traffic flowing towards the Main Site with a higher priority than the automatically created access rule for VPN Site to Site traffic.
Related Articles
- Parserror on Event logs.
- Switch from the Policy mode to classic mode on Gen 7 appliances
- Analyzing TCP reset(RST)packets
Categories
- Firewalls > NSa Series > VPN
- Firewalls > NSv Series > VPN
- Firewalls > TZ Series > VPN
YES
NO