New Member
Posts: 3
Registered: ‎01-16-2018

S2S VPN EdgeRouter - Sonicwall. Only pinging one way

Hey Guys,

I have been looking through the forums and am still having an issue. Disclaimer that I am an EdgeRouter noob but familiar with firewalls in general. We are using firmware version 1.10.0 (most recent firmware). This is configured with an IPsec S2S VPN without VTI.

So I'll say it was a heck of a time just getting the tunnel established. For whatever reason the WAN interface wasn't responding. Finally got that working.

Remote = EdgeRouter side Network = 192.168.0.0/24  GW = 192.168.0.1 coming out of eth2. eth0 is the WAN port

Local = Sonicwall side Network = 192.168.1.0/24  GW = 192.168.1.1

My PCs behind the EdgeRouter are able to ping through the tunnel to where they need to be on my local network. My local network can ONLY get to the GW of the EdgeRouter and no further.

The check box to create local firewall and NAT rules was checked at the creation of the VPN. I know that it has to be a firewall rule but I cannot for the life of me find where it is (there are no firewall rules listed in the GUI that would block any traffic to that interface, unless there is a hidden implicit deny somewhere).

Any pointers will be appreciated.

Ubiquiti Employee
Posts: 1,317
Registered: ‎05-08-2017
Kudos: 291
Solutions: 228

Re: S2S VPN EdgeRouter - Sonicwall. Only pinging one way

Can you share the (sanitized) configuration snippet of the EdgeRouter VPN, firewall and NAT configuration? When you use the IPsec auto-firewall feature, you do not need to manually create any firewall or NAT rules.

When pinging, make sure that the devices are not blocking ICMP requests in their local firewalls (Windows does this by default). Another thing you can check is the ingress and egress VPN traffic counters when you run:

show vpn ipsec sa

If the return traffic is leaving the EdgeRouter (in and out counters are both increasing) then it is possible that the Sonicwall is blocking the inbound traffic.

Ben


Ben Pin - EdgeMAX Support
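
The counter check described in the reply above, as an added example that is not part of the thread and not Ubiquiti's own tooling: a Python sketch that compares two saved outputs of `show vpn ipsec sa`, taken while a ping from the Sonicwall side is running on an otherwise quiet tunnel. The layout of the `in`/`out` counter lines, the function names and the sample snapshots are assumptions constructed for illustration.

```python
import re

# Assumed counter line shape: "in  <spi>, <n> bytes, <n> packets, ...".
# Adjust the pattern if your firmware prints the SA counters differently.
COUNTER = re.compile(
    r"^[ \t]*(in|out)[ \t]+[0-9a-fA-F]+,[ \t]*(\d+) bytes,[ \t]*(\d+) packets",
    re.M,
)

def packet_counters(sa_output):
    """Sum the 'in' and 'out' packet counters over every SA in the output."""
    totals = {"in": 0, "out": 0}
    for direction, _nbytes, packets in COUNTER.findall(sa_output):
        totals[direction] += int(packets)
    return totals

def diagnose(before, after):
    """Compare two snapshots taken a few seconds apart during the ping."""
    a, b = packet_counters(before), packet_counters(after)
    d_in, d_out = b["in"] - a["in"], b["out"] - a["out"]
    if d_in < 0 or d_out < 0:
        return "counters went backwards (SA rekeyed); take both snapshots again"
    if d_in == 0:
        return "no traffic arriving through the tunnel; check the far side first"
    if d_out == 0:
        return "requests arrive but no replies return; check the LAN host firewall"
    return "replies are leaving this router; check inbound rules on the far side"

# Constructed sample snapshots (not captured from a real device).
SNAP_1 = """\
    in  c1a2b3c4,    420 bytes,     5 packets,     2s ago
    out c5d6e7f8,    420 bytes,     5 packets,     2s ago
"""
SNAP_HOST_SILENT = """\
    in  c1a2b3c4,    756 bytes,     9 packets,     1s ago
    out c5d6e7f8,    420 bytes,     5 packets,    12s ago
"""
SNAP_BOTH_MOVING = """\
    in  c1a2b3c4,    756 bytes,     9 packets,     1s ago
    out c5d6e7f8,    756 bytes,     9 packets,     1s ago
"""

if __name__ == "__main__":
    print(diagnose(SNAP_1, SNAP_HOST_SILENT))
    print(diagnose(SNAP_1, SNAP_BOTH_MOVING))
```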

New Member
Posts: 3
Registered: ‎01-16-2018

Re: S2S VPN EdgeRouter - Sonicwall. Only pinging one way

That is a really good point. I won't have access to the location until tomorrow, but the most likely reason to me now seems to be the Windows firewall... Didn't even consider it since I haven't had to think about that for such a long time. If that's it I may just ram my head through a wall.

I'll update as soon as I can test.