|
It is strange that the IBMi is not reporting the first hop when you run
the traceroute.
This would suggest the firewall is blocking icmp on the inside interface.
I should have said tracert 192.168.2.60 from your PC but we know that
works and the IBMi would have been the next hop.
You will need to get your network person to run a packet capture at the
firewall to see what is happening.
The ping has to get to 192.168.2.254 as that is the default route and the
first hop
But it is not getting to you; so if you can trace the packet through the
firewall this should identify the issue.
Did this work previously ? What has changed ?
Hope this is some help.
Don
From: "Art Tostaine, Jr." <atostaine@xxxxxxxxx>
To: "Midrange Systems Technical Discussion"
<midrange-l@xxxxxxxxxxxxxxxxxx>
Date: 05/01/2021 11:12 AM
Subject: Re: Network firewall change, can't ping my PC
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>
Here are my answers inline.
You have not shown the subnet mask but I am presuming it is /24 or
255.255.255.0
CORRECT
So the IBMi is sending outbound traffic to the default route of
192.168.2.254 - What is the device at 192.168.2.254 a router or a firewall
or ?
FIREWALL
What is the device that provides the VPN is it the same device as
192.168.2.254 ?
YES
When you connect to the VPN an IP address is assigned, 10.10.1.200 and if
you run ipconfig /all (presuming windows) you will see this address, mask
and gateway.
Ethernet adapter FortiVPN:
IPv4 Address. . . . . . . . . . . : 10.10.1.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.2.200
8.8.8.8
So from your PC run a TRACERT 192.168.2.254 which will show you the hops
to get to the IBMi.
Tracing route to 192.168.2.254 over a maximum of 30 hops
1 28 ms 32 ms 28 ms Tostaine7 [10.10.1.200]
2 27 ms 33 ms 34 ms 192.168.2.254
You could then run a TRACEROUTE on the IBMi to 10.10.1.200 and see where
it fails.
--
TRACEROUTE RMTSYS('10.10.1.200')
Probing possible routes to 10.10.1.200 using *ANY interface.
1 * * *
2 * * *
and on and on
You will also need to check the firewall on your PC as ping will be denied
by default.
THIS IS DISABLED
Commonly for security routers and firewalls will have icmp disabled which
makes this type of investigation more difficult so the results of the
route tracing may be incomplete but could provide some clues.
IVE BEEN TOLD IT IS OK To PING
Lastly why do you need to ping your PC from the IBMi ? Is there another
problem ?
The IBM needs to talk to my PC so I can debug using the LANSA IDE
Thanks
On Mon, Jan 4, 2021 at 7:16 PM Art Tostaine, Jr. <atostaine@xxxxxxxxx>
wrote:
Thank you Don. I will get more info from the network guy.mask
On Mon, Jan 4, 2021 at 4:39 PM Don Brown via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:
You have not shown the subnet mask but I am presuming it is /24 or
255.255.255.0
So the IBMi is sending outbound traffic to the default route of
192.168.2.254 - What is the device at 192.168.2.254 a router or a
firewall
or ?
What is the device that provides the VPN is it the same device as
192.168.2.254 ?
When you connect to the VPN an IP address is assigned, 10.10.1.200 and
if
you run ipconfig /all (presuming windows) you will see this address,
whichand gateway.
So from your PC run a TRACERT 192.168.2.254 which will show you the
hops
to get to the IBMi.
You could then run a TRACEROUTE on the IBMi to 10.10.1.200 and see
where
it fails.
You will also need to check the firewall on your PC as ping will be
denied
by default.
Commonly for security routers and firewalls will have icmp disabled
IBMmakes this type of investigation more difficult so the results of the
route tracing may be incomplete but could provide some clues.
Lastly why do you need to ping your PC from the IBMi ? Is there another
problem ?
Thanks
Don
From: "Art Tostaine, Jr." <atostaine@xxxxxxxxx>
To: "Midrange Systems Technical Discussion"
<midrange-l@xxxxxxxxxxxxxxxxxx>
Date: 05/01/2021 06:33 AM
Subject: Network firewall change, can't ping my PC
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>
I connect to the VPN, the adapter gives me 10.10.1.200. I go to the
networki,
it can't ping the address.
IBM is 192.168.2.60, it has only have one *DFTROUTE to 192.168.2.254.
Display TCP/IP Route
Route destination . . . . . . . . . . : *DFTROUTE
Subnet mask . . . . . . . . . . . . . : *NONE
Type of service . . . . . . . . . . . : *NORMAL
Next hop . . . . . . . . . . . . . . . : 192.168.2.254
Tech says I don't need a route to 10.10.1.0 because this is a flat
and 192.168.2.254 will route the 10 address.
I tried adding another route but it didn't work
Route destination . . . . . . . . . . : 10.10.1.0
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Type of service . . . . . . . . . . . : *NORMAL
Next hop . . . . . . . . . . . . . . . : 192.168.2.254
Anyone have an idea? Thanks in advance
--
Art Tostaine
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=AGBGiXmH3HnEFpRhHDrVa4R7YT3nz33Lo6nHnD6sj2c&e=
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=KdGjy0sNQtzG1kQO6tBX3I3Xu6B-d7BpuCMaS-P0fOY&e=
related.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
questions.
Help support
https://urldefense.proofpoint.com/v2/url?u=http-3A__midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=SBaPC5nVZ6dMQ1G1rZQuqaV_Ze-xUpcQ7myUrSEQ8eQ&e=
by shopping at
https://urldefense.proofpoint.com/v2/url?u=http-3A__amazon.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=nlYdcXiM5JMSG-uLwpsCaLYJKFmLyfm6_FxVbOs8I4E&e=
with our affiliate link:
https://urldefense.proofpoint.com/v2/url?u=https-3A__amazon.midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=zjpxR1uH_5UVDPrQM8-2LffVzO4Gf3nrMknuP9kdj0M&e=
taken
--
This email has been scanned for computer viruses. Although MSD has
MSDreasonable precautions to ensure no viruses are present in this email,
use ofcannot accept responsibility for any loss or damage arising from the
this email or attachments..
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=uGMWI4p6rNFt1xtRJu6u15QvsQojOv_fZF4a81lteAc&e=
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=4c_sqZz0IND36Uwq8lZcsY-U1yPz2Cb2ye9dLZgyWH4&e=
.
related
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
questions.
Help support
https://urldefense.proofpoint.com/v2/url?u=http-3A__midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=F6R5wOVjyaCnSEsUzsKvr3t3RrX8t5bt34iXiilujes&e=
by shopping at
https://urldefense.proofpoint.com/v2/url?u=http-3A__amazon.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=SvWsEf5iwAnwg_f7TBkgYoOmWcybfLUDVD0rzKLiRcs&e=
with our affiliate
link:
https://urldefense.proofpoint.com/v2/url?u=https-3A__amazon.midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=MQgOSGr-pDf9IRA5Z91UuArKSM2B4HkHqzGgcuN9l3w&e=
--
Art Tostaine
--
Art Tostaine
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=uGMWI4p6rNFt1xtRJu6u15QvsQojOv_fZF4a81lteAc&e=
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=4c_sqZz0IND36Uwq8lZcsY-U1yPz2Cb2ye9dLZgyWH4&e=
.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support
https://urldefense.proofpoint.com/v2/url?u=http-3A__midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=F6R5wOVjyaCnSEsUzsKvr3t3RrX8t5bt34iXiilujes&e=
by shopping at
https://urldefense.proofpoint.com/v2/url?u=http-3A__amazon.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=SvWsEf5iwAnwg_f7TBkgYoOmWcybfLUDVD0rzKLiRcs&e=
with our affiliate link:
https://urldefense.proofpoint.com/v2/url?u=https-3A__amazon.midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=MQgOSGr-pDf9IRA5Z91UuArKSM2B4HkHqzGgcuN9l3w&e=
--
This email has been scanned for computer viruses. Although MSD has taken
reasonable precautions to ensure no viruses are present in this email, MSD
cannot accept responsibility for any loss or damage arising from the use of
this email or attachments..
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.