Announcement

Collapse
No announcement yet.
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Issues w/ switches communication over VPN

    I set up a new system in a remote office a few weeks ago. At first we had issue with calling extensions between the offices, then I rebooted my network switches and it started working. Now it is not working again. After troubleshooting I have found that I cannot get a LSP_PING over the VPN and LSPCONLIST shows the switches on both sides but shows the remote sides INACTIVE, STATE_WAIT_REBOOT. A TRACEROUTE from the SG is incomplete. A PING from the SG is successful. A PING or TRACERT from the server is successful. My VPN is wide open, bandwidth is good. Please let know if you have any suggestions. Thanks. David
    Tags: None
  • #2
    What is the bandwidth? As you know, a VPN is routing over the internet and is not reliable, especially when a SG switch(s) is involved.
    -LC

    Comment

    • #3
      If a LSP ping isn't working, in most cases it is network related. Over VPNs, we've seen policies stop traffic. Ping is simple because it is ICMP. LSP operates at layer 7. You'll want to check all of your policies in between.

      Microsoft has a RPC ping tool that you can also use to verify full connectivity up to layer 7 across the vpn.

      Comment

      • #4
        I would look into ICMP Redirects. Disable them on your routers forcing the SG switch to always go to its default gateway.

        We had this issue a while back when sometimes calls would work and sometimes not. SG switch was updating properly.

        Jeremy

        Comment

        • #5
          We had the same issues with ICMP Redirects that Jeremy had. After disabling out trouble cleared up.

          Comment

          • #6
            Thanks Guys. I will look into the suggestions given and reply again. David

            Comment

            • #7
              Hi all,

              I hate to hijack someone else's post but I think I have the same issue, and wonder if the other VPN is Cisco as well?

              I just registered for the forums because of this same issue. I have a Cisco VPN set up and can not get a LSP-Ping through. I have found that if I change the IP address of the remote phone switch, it will work perfectly for a few days and then will stop working.

              To make this make even less sense....
              We have serveral sites on a WAN connections that all work all the time. We have this one site on a VPN connection. When it stops working, if I look in switch connectivity it still sees and works with most of the locations on the WAN, but not our corporate office.

              I have no traffic restricted for the VPN tunnel. The remote PIX is a PIX 501 that is basically default config + VPN tunnel. nothing fancy.

              Please help!

              Thanks in advance..

              -Jeff

              Comment

              • #8
                If the VPN tunnel is established using a Cisco hardware VPN client, you might want to do a PING from the subnet where the switch is located to the one where your phone is located.

                Hope this helps.

                Comment

                • #9
                  Jeff,

                  Make sure you are not using a easyvpn config. Make sure it is a site to site IPsec tunnel with static IP's.

                  Thanks,

                  Stephen

                  Comment

                  • #10
                    Not Cisco

                    Hey Jeff, both of the offices have Symantec SGS5400's for the VPN Host. I have not solved this yet. I believe it is going to be a routing problem in one of my switches. Hopefully will get to work on it this afternoon and I will update. David

                    Comment

                    Previous template Next
                    Working...
                    X