-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Site to Site VPN is up between two SonicWall appliances but can only ping the LAN Interface IP
12/20/2019 
88 People found this article helpful
491,996 Views
Description
A Site to Site VPN is running between two SonicWall firewall (UTM) appliances with a valid configuration. From the Main Site, a user can ping any thing behind the Remote Site, but, from the Remote Site, a user can ping only the LAN Interface IP address of the SonicWall at the Main Site. The user always observes a Request Timed Out or IP Address Not Responding condition when trying to ping any machine located behind the SonicWall appliance at the Main Site.
Resolution
- Ensure that we have properly assigned the address object with Zone Assignment as : VPN for the objects representing the LAN Network of the Main Site in the Destination Network of the SA policy created on the Remote Site.
- Check the Log entries on the Main Site for any indicating that the ping request from the remote site was blocked by the IPS Category named ICMP. In this case, everything works (RDP, Accessing any Specific Application, etc.) except Ping to the subnet which resides behind the main site. The log entry may look like the following.
If this log entry exists, follow this step
- Disable the particular Signature (Security Services | Intrusion Prevention page) indicated in the log entry or add the indicated IP address to the Exclusion list for the IPS Category named ICMP.
- Ensure you have not created any Static Route Policy on the Remote Site with the destination network defined as the subnet behind the Main Site and the Gateway selected as the LAN Interface IP or the default gateway. It is not necessary to create any static route policy on the SonicWall when we configure VPN between two devices, as the firewall Access rule and the Route Policy is automatically established.
- Make sure no firewall Access Rule(s) exist denying the traffic flowing towards the Main Site with a higher priority than the automatically created access rule for VPN Site to Site traffic.
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > NSa Series > VPN
- Firewalls > NSv Series > VPN
- Firewalls > TZ Series > VPN
YES
NO