IKE V2 established, cannot ping remote side Gateway

steveli · August 27, 2023, 3:34am

I have established IKEV2 both side

Router A
LAN IP 192.168.10.1
PC : 192.168.10.20

Router B
LAN IP 192.168.96.1
PC :192.168.96.20

router A pc : 192.168.10.20 can successful ping 192.168.96.1 and 192.168.96.20 (RouterB and RouterB PC )
router B PC : 192.168.96.20 can successful ping 192.168.10.1 and 192.168.10.20 ( RouterA and RouterA PC)

but the isses is Router A cannot ping Router B 192.168.10.1 ping 192.168.96.1 , request time out
Router B cannot ping Router A 192.168.96.1 ping 192.168.10.1, request time out

I am out of ideas what to do next.
Any help would be appreciated…

Kentzo · August 28, 2023, 6:27am

Have you tried to manually specify the src-address property on /tool/ping? Needs to match traffic selectors in the policy.

steveli · August 28, 2023, 10:58am

Yes, tried source ping same issue. the ipsec policy allow /24 subnet

Kentzo · August 28, 2023, 3:11pm

Are you sure it’d not a firewall rule then?

Might be a too restrictive input filter for packets coming from WAN. If so, use the ipsec-policy property.