Morning All,

I've been try to deploy an application that communicates over our site to site vpn. Unfortunately the app has been complaining that it fails to reach its counterpart in site A.

From site B i can ping, tracert and communicate with the whole subnet in site A 172.16.0.x 255.255.248.0.

From site A however i can only ping, tracert and communicate with part of the subnet, everything from 173.16.16.0 - 254, but cannot from 172.16.17.1 onwards.

Something that i have noticed is that from site A, when i tracert to something in site B 172.16.16.x the results show that the first hop isn't my expected external gateway primary ip address. Instead it first hits one of the other external ips we have configured as a listener.

I've checked what i think is the obvious but I'm now struggling. Any assistance would be greatly appreciated.

Simon

Hi,

Thank you for the post.

According to the description, the whole subnet in siteA: 172.16.0.0/21 is from 172.16.0.1 to 172.16.7.254. I'd like to confirm whether this subnet is the internal network in siteA or vpn client subnet? how do you configure the vpn subnet in siteB?

Regards,

Hi Nick,

172.16.0.1 - 172.16.7.254 is site A internal network

172.16.16.1 - 172.16.23.254 is site B internal network

As described above we can only communicate with part of site B from site A. If i jump onto a computer in site B from Site A then the rest of site B is available locally.