
Chapter 5
Troubleshooting SpeedTouch™ IPSec
5.5 Pinging from the SpeedTouch™ to the remote private network
Ping command
To verify that an IPSec tunnel is active, you can use the :ip debug ping CLI command of the SpeedTouch™. With this command you can send ping messages from the SpeedTouch™ to an IP address in the remote private network.
Adapting the routing table
Sending messages that originate from the SpeedTouch™ itself through an IPSec tunnel requires some adaptations to the SpeedTouch™ routing table, because in general this kind of traffic does not comply with the traffic policy of the VPN tunnel. These adaptations can only be performed via the Command Line Interface (CLI).
Proceed as follows:
1. Add a route to the remote private network. Explicitly specify the local LAN interface as the source interface in the route definition.
Example:
:ip rtadd dst 20.0.0.0/24 intf=ipsec0 srcintf=lan1
2. Set the local private IP address of the SpeedTouch™ as the primary IP address.
Example:
:ip ipconfig addr=10.0.0.254 primary=enabled
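The following added example (not part of the original guide, and not the device's own forwarding logic) is a simplified model of why both steps are needed before a ping from the SpeedTouch™ matches the tunnel's traffic policy. The local selector 10.0.0.0/24, the WAN address 192.0.2.1 and the interface name wan0 are assumptions made for illustration; the remote network, ipsec0 and 10.0.0.254 come from the examples above.

```python
import ipaddress

# Simplified model, not the device's forwarding code.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")   # assumed local selector
REMOTE_NET = ipaddress.ip_network("20.0.0.0/24")  # remote network from the page
LAN_ADDR = ipaddress.ip_address("10.0.0.254")     # local private address from the page
WAN_ADDR = ipaddress.ip_address("192.0.2.1")      # constructed public address

DEFAULT_ROUTE = (ipaddress.ip_network("0.0.0.0/0"), "wan0")  # constructed
TUNNEL_ROUTE = (REMOTE_NET, "ipsec0")                        # what step 1 adds


def route_lookup(routes, dst):
    """Longest-prefix match; returns the outgoing interface name or None."""
    hits = [(net, intf) for net, intf in routes if dst in net]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


def ping_outcome(routes, source_addr, dst):
    """Classify a ping that the router itself sends to dst."""
    dst = ipaddress.ip_address(dst)
    if route_lookup(routes, dst) != "ipsec0":
        return "not tunnelled: no route via ipsec0"
    # The tunnel policy only covers local-private to remote-private traffic.
    if not (source_addr in LOCAL_NET and dst in REMOTE_NET):
        return "not tunnelled: source outside tunnel policy"
    return "tunnelled"


def walk_through(dst="20.0.0.1"):
    """Outcome before the procedure, after step 1 only, and after both steps."""
    return [
        ping_outcome([DEFAULT_ROUTE], WAN_ADDR, dst),
        ping_outcome([DEFAULT_ROUTE, TUNNEL_ROUTE], WAN_ADDR, dst),
        ping_outcome([DEFAULT_ROUTE, TUNNEL_ROUTE], LAN_ADDR, dst),
    ]


if __name__ == "__main__":
    for label, result in zip(("before", "step 1", "steps 1+2"), walk_through()):
        print(f"{label:10} {result}")
```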