Why am I able to ping but not do tracepath over my Layer 3 VPN?

I am running a Layer 3 (L3) VPN between two edge routers and have connected one router to a Linux host client. I tried to ping an IP address from the client present on the other router that was learnt via my Border Gateway Protocol (BGP) VPN. It's pinging, but I am unable to do tracepath from the client. I get a "No Reply" after it goes to the interface of the router connected to the client. Why is this happening?

Have you tried using traceroute instead of tracepath? Tracepath uses a range of User Datagram Protocol (UDP) ports, one or many of which might be blocked at the firewall. I suspect this is what’s happening, although I recommend further testing and analysis to figure out the root cause. Also, sometimes tools with lower privilege levels have limitations. For your situation, I suggest trying traceroute and also verifying the firewall protocols. Given what you’ve described, the IP routing appears to be functional.

View other responses to this question on the IT Knowledge Exchange (please note: SearchEnterpriseWAN.com and IT Knowledge Exchange registration are the same): Able to ping L3 VPN but unable to do tracepath

Email your VPN-related questions to [email protected]

Related Resources

IT in Europe: Security in the Cloud –SearchSecurity.com
IT in Europe: Adopting an Application-Centric Architecture –SearchSecurity.com
Addressing Data Security In The Cloud And Low Cost Large File Transfer –SearchSecurity.com
Infosec 2012: How to Help Your Organisation Deal with Next-Generation ... –SearchSecurity.com

Why am I able to ping but not do tracepath over my Layer 3 VPN?

Our VPN expert explains why a Layer 3 VPN can ping but not do a tracepath from the client in this response.

Dig Deeper on Network Security

How to perform packet loss tests and how they work

How to use traceroute to troubleshoot network problems

Ensuring a positive VPN deployment outcome

Solve network woes with NetTools by Terminal Software

Related Q&A from Rainer Enders

How can I allow and restrict user access on my VPN client?

How do I disable VPN passthrough? What are the pros and cons to disabling it?

Do Layer-3 MPLS VPNs need to have BGP-4 support?

SearchUnifiedCommunications

Big Tech's uneasy balance of capitalism, censorship

Microsoft slow to fulfill request for more Teams channel control

Ensure phone system compliance with 911 regulations

SearchMobileComputing

Samsung lowers the price of Galaxy phones with S21 line

Qualcomm to buy Nuvia for $1.4 billion

High phone prices driving consumers to the used phone market

SearchDataCenter

Get a template to estimate server power consumption per rack

When the chips are down, Intel turns to VMware's Pat Gelsinger

Intel CEO Bob Swan to be replaced by VMware's Pat Gelsinger

SearchITChannel

Cloud distributor Pax8 pursues UK growth, tech innovation

3 steps to blazing a trail to a better partner experience

Deloitte: Life sciences vertical taps cloud for R&D