Unable to reach to 2 of 5 branch offices through VPN.

SOLVED
New Contributor

Hi All,

 

We have 5 branch offices, and when I try to get to 2 of these branch offices from home, the Juniper SA2500 (at HQ) doesn't detect them. It routes traffic through our HQ internal network (SA2500 > switch > FW > router). All sites are reachable through the HQ, but not through the VPN.


Attaching tracert output for one reachable branch office and the other unreachable below.

 

Reachable site:
C:\Windows\System32>tracert 10.10.x.x

Tracing route to x-xDC1 [10.10.x.x]
over a maximum of 30 hops:

  1    14 ms    28 ms    16 ms  10.200.200.200
  2    61 ms    54 ms    32 ms  10.10.x.3
  3   106 ms    19 ms    21 ms  10.10.x.2
  4    22 ms    21 ms    23 ms  10.10.xxx.4
  5    46 ms    38 ms    27 ms  x-xDC1 [10.10.x.x]

Trace complete.

Unreachable site:
C:\Windows\System32>tracert 10.15.x.x

Tracing route to 10.15.x.x over a maximum of 30 hops

  1     1 ms     5 ms     1 ms  HOME.NW [192.168.1.1]
  2     *     ^C
C:\Windows\System32>^Z


 

The only difference I noticed among the sites was the IP address. The 3 offices that are reachable are on 10.10.xx.xx /24 subnets. The 2 that are unreachable are on 10.15.xx.xx /22 and 10.5.xx.xx /24 subnets. Is it allowing only 10.10.xx.xx subnets? I am, however, able to tracert up to the previous hop before these 2 networks, but when I tracert to the 2 networks themselves, the first hop is my home router (192.168.1.1) instead of the VPN tunneling server (10.200.200.200).

 

 I have wasted enough time trying to figure this out. Please help. Any help will be highly appreciated.

C:\Windows\System32>tracert 10.10.9.15
 
Tracing route to CA-GMDC1 [10.10.9.15]
over a maximum of 30 hops:
 
  1    14 ms    28 ms    16 ms  10.200.200.200
  2    61 ms    54 ms    32 ms  10.10.4.3
  3   106 ms    19 ms    21 ms  10.10.250.2
  4    22 ms    21 ms    23 ms  10.10.240.4
  5    46 ms    38 ms    27 ms  CA-GMDC1 [10.10.9.15]
 
Trace complete.
1 ACCEPTED SOLUTION

Regular Contributor

Re: Unable to reach to 2 of 5 branch offices through VPN.

The fact you hit your home router on the first hop for the unreachable sites suggests the traffic is not being routed over the VPN connection. Check the split tunneling resource policy is allowing all the site subnets.

2 REPLIES
New Contributor

Re: Unable to reach to 2 of 5 branch offices through VPN.

Ah! That did the trick. The added network was 10.10.0.0 /16. Changed it to 10.0.0.0 /24 and it worked!!!

Thanks for your input, dcvers.
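
The check the accepted answer recommends, as an added example that is not part of the original thread: it classifies each site subnet against a split-tunnel include list and computes the tightest single network that covers all sites. The subnet values are constructed to match the shape of the masked ones in the post, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values: the thread masks the real subnets, so these only
# mirror their shape (10.10.x/24 reachable; 10.15.x/22 and 10.5.x/24 not).
SITES = ["10.10.9.0/24", "10.15.0.0/22", "10.5.1.0/24"]
POLICY = ["10.10.0.0/16"]  # split-tunnel include list as first configured


def audit_split_tunnel(policy, sites):
    """Classify each site subnet against the split-tunnel include list.

    tunneled: wholly inside one policy entry, so it is routed via the VPN
    partial:  overlaps an entry but is not contained in a single one
    local:    no overlap, so it follows the client's default route
    """
    nets = [ipaddress.ip_network(p) for p in policy]
    report = {}
    for site in sites:
        s = ipaddress.ip_network(site)
        if any(s.subnet_of(n) for n in nets):
            report[site] = "tunneled"
        elif any(s.overlaps(n) for n in nets):
            report[site] = "partial"
        else:
            report[site] = "local"
    return report


def smallest_supernet(sites):
    """Return the single tightest network that contains every site subnet."""
    nets = [ipaddress.ip_network(s) for s in sites]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one prefix bit
    return str(candidate)


if __name__ == "__main__":
    for site, status in audit_split_tunnel(POLICY, SITES).items():
        print(f"{site:16} {status}")
    print("tightest single entry:", smallest_supernet(SITES))
```

A single wider entry also sends every other address inside it through the tunnel; listing each site subnet separately in the policy is the narrower alternative.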
