
Pinging over VPN with Cisco Routers

It is very common to need to test your site-to-site VPN from the router that terminates it. This guide demonstrates how you can send ping traffic across your VPN tunnel from your Cisco router.

Connect to your Cisco router VPN gateway using telnet, SSH, or console.

From the terminal window, you can type the command:

  • sh crypto isa sa

This will show all your VPN tunnels. If your tunnel is down, correctly sent ping traffic will initiate the tunnel and bring it up, which is also very useful.

You can identify the remote subnets that are configured by typing the command:

  • sh crypto ipsec sa peer n.n.n.n | i remote
    (where n.n.n.n is the remote VPN external IP address)

Or you can check your access list configuration.

In this example, there are several remote subnets configured.

Assuming you know of a remote device that will respond to ping, you might attempt to ping it with the command:

  • ping n.n.n.n
    (where n.n.n.n is the remote device you are trying to ping)

However, as you can see from the above output, this simply times out or is unreachable.

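By default, the router sources the ping from the address of its outgoing interface, which is not part of the local subnet the tunnel protects. To ensure the traffic is sent across the VPN tunnel, you need to specify the source address as the inside LAN address of the router.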

To do this, use the command:

  • ping n.n.n.n source LANinterface
    (where n.n.n.n is the remote device you are trying to ping and where LANinterface is the router’s inside LAN port)

In this example, the command is:

  • ping 192.168.50.10 source GigabitEthernet0/1

You can see above that this sends the data with the LAN IP address as the source, and the remote IP address now responds.

This is how to send ping data across a site-to-site VPN using your Cisco VPN router.
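The reason the source address matters can be checked offline against the access list the guide mentions. The following is an added example, not part of the original guide or any Cisco tooling: a small Python matcher that evaluates numbered extended ACL lines (wildcard masks, `host`, `any`) the way a crypto access list selects traffic for the tunnel. The ACL number, the LAN subnet 192.168.10.0/24, the second remote subnet and the WAN address 203.0.113.2 are constructed assumptions; only 192.168.50.10 comes from the guide.

```python
import ipaddress

# Constructed crypto ACL (assumed addressing, not taken from the guide's router):
# local LAN 192.168.10.0/24, remote subnets 192.168.50.0/24 and 192.168.60.0/24.
CRYPTO_ACL = """
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.60.0 0.0.0.255
"""

def _take_addr(tokens):
    """Consume one ACL address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def _matches(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def parse_acl(text):
    """Return [(action, src_spec, dst_spec)] for 'access-list N permit|deny ip ...' lines."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        src, rest = _take_addr(tokens[4:])
        dst, _ = _take_addr(rest)
        entries.append((tokens[2], src, dst))
    return entries

def is_interesting(entries, src_ip, dst_ip):
    """First match wins; no match is an implicit deny, so the packet is not encrypted."""
    for action, src, dst in entries:
        if _matches(src_ip, src) and _matches(dst_ip, dst):
            return action == "permit"
    return False

ACL = parse_acl(CRYPTO_ACL)
# Plain "ping 192.168.50.10": sourced from the WAN address (constructed: 203.0.113.2).
print("default source selected for tunnel:", is_interesting(ACL, "203.0.113.2", "192.168.50.10"))
# "ping 192.168.50.10 source GigabitEthernet0/1": sourced from the LAN address (constructed).
print("LAN source selected for tunnel:", is_interesting(ACL, "192.168.10.1", "192.168.50.10"))
```

Paste the access list from your own router's configuration in place of `CRYPTO_ACL` to confirm which source and destination pairs the tunnel will carry before testing with ping.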
