Why am I able to ping but not do tracepath over my Layer 3 VPN?

Our VPN expert explains why a Layer 3 VPN can ping but not do a tracepath from the client in this response.

Rainer Enders

I am running a Layer 3 (L3) VPN between two edge routers and have connected one router to a Linux host client. I tried to ping an IP address from the client present on the other router that was learnt via my Border Gateway Protocol (BGP) VPN. It's pinging, but I am unable to do tracepath from the client. I get a "No Reply" after it goes to the interface of the router connected to the client. Why is this happening?

Have you tried using traceroute instead of tracepath? Tracepath uses a range of User Datagram Protocol (UDP) ports, one or many of which might be blocked at the firewall. I suspect this is what’s happening, although I recommend further testing and analysis to figure out the root cause. Also, sometimes tools with lower privilege levels have limitations. For your situation, I suggest trying traceroute and also verifying the firewall protocols. Given what you’ve described, the IP routing appears to be functional.

View other responses to this question on the IT Knowledge Exchange (please note: SearchEnterpriseWAN.com and IT Knowledge Exchange registration are the same): Able to ping L3 VPN but unable to do tracepath

Email your VPN-related questions to editor@searchenterprisewan.com

This was last published in March 2012

Why am I able to ping but not do tracepath over my Layer 3 VPN?

Our VPN expert explains why a Layer 3 VPN can ping but not do a tracepath from the client in this response.

Dig Deeper on Network Security

How to perform packet loss tests and how they work

How to use traceroute to troubleshoot network problems

Ensuring a positive VPN deployment outcome

Solve network woes with NetTools by Terminal Software

Related Q&A from Rainer Enders

How can I allow and restrict user access on my VPN client?

How do I disable VPN passthrough? What are the pros and cons to disabling it?

Do Layer-3 MPLS VPNs need to have BGP-4 support?

Start the conversation

0 comments

Please create a username to comment.

SearchUnifiedCommunications

Enterprises mull software-based business phone alternatives

Zoom Phone system users share their success stories and setbacks

RingCentral offers bulk SMS for reaching customers

SearchMobileComputing

Election apps, advertising target mobile phone users

5G isn't for the iPhone 12 buyer

Learn 5 Microsoft Intune security features for mobile admins

SearchDataCenter

Admins eye on-premises and cloud hybrid IT management

IBM Red Hat vs. SUSE: How do these Linux distributions stack up?

RHEL 8.3 updates target digital transformation

SearchITChannel

Implementing SAP S/4HANA during a pandemic

Cisco Partner Summit 2020 emphasizes services, adoption, APIs

Colocation, managed services meet legacy needs, point to cloud

Related Resources

Dig Deeper on Network Security

How to perform packet loss tests and how they work

How to use traceroute to troubleshoot network problems

Ensuring a positive VPN deployment outcome

Solve network woes with NetTools by Terminal Software

Related Q&A from Rainer Enders

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.