Have you tried using traceroute instead of tracepath? Tracepath uses a range of User Datagram Protocol (UDP) ports, one or many of which might be blocked at the firewall. I suspect this is what’s happening, although I recommend further testing and analysis to figure out the root cause. Also, sometimes tools with lower privilege levels have limitations. For your situation, I suggest trying traceroute and also verifying the firewall protocols. Given what you’ve described, the IP routing appears to be functional.
View other responses to this question on the IT Knowledge Exchange (please note: SearchEnterpriseWAN.com and IT Knowledge Exchange registration are the same): Able to ping L3 VPN but unable to do tracepath
Email your VPN-related questions to firstname.lastname@example.org
Dig Deeper on Network Security
Related Q&A from Rainer Enders
Administrators don't have to worry about interoperability; integrated mobile application and device management is the best approach. Continue Reading
Ensuring that the client software itself is up to date is just one of many reasons why it's critical to oversee VPN clients. Continue Reading
To ensure mobile device security, VPN expert Rainer Enders explains that it is crucial to monitor changed states and block software modifications. Continue Reading