Zen Internet Support Forum

Hi all. I was asked to set up a tunnel between one remote office and head office for voip. Anyway I followed the knowledgebase article about establishing a lan to lan vpn between 2 Thomson ST608WL routers. The tunnel establishes but I can't ping between lans. Lans are in different subnets as recommended. Haven't actually tested the voip yet but I'm guessing it won't work as I can't seem to drive any traffic over the vpn. Tracert from router 1 to router 2 and vice versa times out. Ping also. I had previously set up the router at site A as a vpn server with different ipsec credentials but I have even gone as far as flushing ipsec completely from both routers and rebuilding. No joy. Bit stumped.

Aye - it does seem quite tricky to get working! 

Try completely turning off the firewall. You need to use the CLI option to do this (or use the CLI browser in the advanced section - link in the top right of the screen) - setting it to level disabled in the web interface doesn't completely remove it.

Not 100% sure about the command, its probably something like "firewall state=disabled", but if you use the CLI browser (or try starting to type a command and then press tab to bring up the available options to complete it in the CLI) you can easily find out what it is..
 

NB - check of course trying to ping an actual computer in the remote LAN, not the remote router itself. You'd need to specifically enable the ICMP echo responder service on the tunnel interface before that would work
 

---

Kindest regards,

James Sweet
http://www.zen.co.uk

Hi James,

I'm starting to think this just doesn't work. I have disabled both firewalls via the cli. I had previously enabled icmp_responder on both routers. I still can't ping router A from router B and vice versa. I noticed the gateway on router B had defaulted to 10.0.0.138 even though the lan ranges were of the 192.168.x.x type. So I deleted that ip address and now the gateway for ipsec0 is 192.168.0.254 as it should be. Still doesn't work. I can see that the tunnel is open and there aren't any errors. I just can't do anything with it. It's as if there's a firewall somewhere. But there isn't. It's strange that this should be such an abject failure. Before I had 2 ST608WLs I set up a vpn server on the one I had and, although it was kind of tricky, it did work.

 
Malc 

It works! Got the voip up and running and everything. Seems like you can't ping between the routers for some reason.........