Client VPN one user suddenly cannot connect; cannot even ping our public IP

Raywes88
New here

Client VPN one user suddenly cannot connect; cannot even ping our public IP

Got what I assumed would be a pretty routine VPN ticket this morning; however upon further investigation I'm pretty stumped. The user's internet connection appears to be working just fine but no packets reach our office at all (not even pings).

We spoke with her ISP and they of course assured us that it's not their fault.

5 REPLIES 5
PhilipDAth
Kind of a big deal

Have you got any other users with the same ISP?

 

Could also be the ISP for the office, or any of the ISPs ib between the Office ISP and the user's ISP.

 

The user doesn't have any software on their computer that might be blocking the traffic?

PhilipDAth
Kind of a big deal

Tried rebooting the users ISP router?

We did try that, good point about any other users with the same ISP; I'll check that out.

are pings going out to other sites ?

 

can you ping say 8.8.8.8 ?

did you do trace route from client to your external IP ?

Try different packet sizes too.

 100 and 1400 i use as testing.

 

They would be good start.

 

Then try the same from another location.

 

You will find often routing issues ISP - ISP in the path between their ISP and yours.

 

The issue if if a third party ISP, good luck trying to get them to fix the issue. But you can put pressure on your ISP to log tickets against their peering ISP.

GIdenJoe
Kind of a big deal

Running a traceroute from a place that does have reachability to your mx vs the traceroute from the guys who cannot could identify if they are being blocked early or near the last hop towards your network.

Usually the final hops towards your own router are always the same so you should at least see if they reach the hop right before your MX barring the ISP sends ICMP ttl expire messages back to you of course 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels