Re: No longer able to ping / tracert to VPN host at work
ecd1973
Newbie

@jumpin68 wrote:

Since minimal says accept in and out, one would think that is almost the same as having no firewall.

Were you able to ping your VPN from the Actiontec router?  Also, try disable the firewall on your PC.   Maybe somethig there is blocking.


Can't ping the VPN from the router directly.  Firewall makes no difference either.  Tracert shows the breakdown happening right at the end of the trace at hop 11.  I turned on full logging on the router to see if any packets were being rejected etc and the router logs all had green entries meaning all communications were being accepted.  Work still says they aren't blocking anything, but maybe it is my work's ISP that is blocking?

0 Likes
Re: No longer able to ping / tracert to VPN host at work
jumpin683
Contributor - Level 1

If the tracert is getting to hop 11, that device is blocking the tracert to the next hop router.  Something is being blocked at that router hop.  Is hop 11 a router on the Internet or a router at your work location?   See if your company can ping and tracert to your public IP address. 

0 Likes
Re: No longer able to ping / tracert to VPN host at work
ecd1973
Newbie

@jumpin68 wrote:

If the tracert is getting to hop 11, that device is blocking the tracert to the next hop router.  Something is being blocked at that router hop.  Is hop 11 a router on the Internet or a router at your work location?   See if your company can ping and tracert to your public IP address. 


It appears to be a router controlled by my work's ISP (ATT).  Update, FIOS says they aren't preventing traffic from getting there, work says they are wide open and not blocking anything, and work's ISP says they are not blocking anything.  Yet, the problem remains.  Can't ping from a 173.54.x.x IP and Tracert from same address fails at hop 11, which is the one right before my endpoint.

0 Likes
Re: No longer able to ping / tracert to VPN host at work
jumpin683
Contributor - Level 1
I suggest you enable ICMP on the Verizon router and see if someone from your office can ping you.
0 Likes
Re: No longer able to ping / tracert to VPN host at work
ecd1973
Newbie

@jumpin68 wrote:
I suggest you enable ICMP on the Verizon router and see if someone from your office can ping you.

Yes, they can ping me with no problem.  There are two people in my office now in the 173.54.x.x block through FIOS that can't get in.  Everyone is still saying "not me" but they are also saying "we'll look into it".   

0 Likes
Re: No longer able to ping / tracert to VPN host at work
ecd1973
Newbie

@ecd1973 wrote:

@jumpin68 wrote:
I suggest you enable ICMP on the Verizon router and see if someone from your office can ping you.

Yes, they can ping me with no problem.  There are two people in my office now in the 173.54.x.x block through FIOS that can't get in.  Everyone is still saying "not me" but they are also saying "we'll look into it".   


Another update from work.  They are firmly stating that this is a FIOS problem and not their problem.  From their standpoint, FIOS made a change that caused the issue, not them.  Changing to the 173.54.x.x block is the problem.  I can't get them to understand that either them or their ISP are blocking me.

0 Likes
Re: No longer able to ping / tracert to VPN host at work
jumpin683
Contributor - Level 1

Do you have wireshark installed?  I would be curious to know if you took a sniffer trace and see what the reply is saying about the last hop reply.  What is the router that fails the last tracert?  Maybe if its a router on the internet you can send a note to that ISP and tell them that people from 173.54 fail through their router. 

0 Likes
Re: No longer able to ping / tracert to VPN host at work
CharlesH
Specialist - Level 1

It's not a FiOS problem either,  its an issue with that gateway router restricting IP addresses in the 173 block.  I sent you a private message if you want to try to get you a new IP address, but it is certainly that bandwidth providers issue, not FiOS.

I don't like to play the blame game it doesn't get anything accomplished. We see the issue is at the HOP. You should really contact who ever is maintaining that router or have your job contact them to let that router route 173 address...

0 Likes
Re: No longer able to ping / tracert to VPN host at work
ecd1973
Newbie

Hey everyone,

Good news, I now have full connectivity to work.  Nothing changed on the FIOS side (still 173.54.x.x IP) so something must have changed at the endpoint.  I'll update again if I ever find out what changed, but the end result is still good.  Thanks so much to everyone who offered their help here.

0 Likes
Re: No longer able to ping / tracert to VPN host at work
CharlesH
Specialist - Level 1
Great to hear!
0 Likes