Can anything between ipcop2 and ipcop3 ping server? It's hard to say where it's failing, so I would put a sniffer on ipcop3 listening on eth1 (That's the interface going to server right?). Then with the siffer running there I would ping from desktop to server and watch the echo requests/replys on ipcop3 eth1. Depending on if you get requests going out and no replys coming in or any other combination, it will help troubleshoot this further. Let us know what you find out.
Cheers, -- Personal: Trevor Lauder Web: http://www.thelauders.net E-Mail: [EMAIL PROTECTED] Work: Trevor Lauder Technical Services Specialist Wireless Networks Inc. Web: http://www.wirelessnetworksinc.com E-Mail: [EMAIL PROTECTED] Kevin Anderson said: > I have a routing issue that I can't figure out. > > Here's the situation. Unless spelled out in full, IPs are > 192.168.X.X/24 > > Desktop ------- IPCOP1 ======= IPCOP2 --------- IPCOP3 ======== > Server. 14.100 LAN 14.1 VPN 13.1 LAN 13.2 > Untrusted 204.239.225.162 > > I can Ping from the desktop to IPCOP3, (192.168.14.100 to 192.168.13.2), > however I can't reach Server. > > Here's what I've done that should matter. > > outbound. > IPcop 1 has a route to 204.239.225.162/32 on dev ipsec0 (I can't ping > the next hop, so I can't add the route) IPcop2 has a route for > 204.239.225.162/32 to IPcop3 > IPcop3 has a route to 204.239.225.162/32 on eth1 > > inbound. > IPcop3 has a default route of IPcop2 > IPcop2 has a route for 192.168.14.0/24 across the VPN to IPcop 1 > IPcop1 is in the same LAN as Desktop. > > Here's the situation. > Desktop can ping IPcop3, (anything in the 13.0 LAN.) > Anything in the 13.0 LAN can ping Desktop. > Desktop cannot reach server. > Server is not mine, so I can't test the reverse, but I suspect it'll > fail. The 13.0 LAN can reach Server. > > This connection gets NATted at IPcop3 > > Thanks In Advance > Kev.
