Why am I able to ping but not do tracepath over my Layer 3 VPN?

Our VPN expert explains why a Layer 3 VPN can ping but not do a tracepath from the client in this response.

Rainer Enders

I am running a Layer 3 (L3) VPN between two edge routers and have connected one router to a Linux host client. I tried to ping an IP address from the client present on the other router that was learnt via my Border Gateway Protocol (BGP) VPN. It's pinging, but I am unable to do tracepath from the client. I get a "No Reply" after it goes to the interface of the router connected to the client. Why is this happening?

Have you tried using traceroute instead of tracepath? Tracepath uses a range of User Datagram Protocol (UDP) ports, one or many of which might be blocked at the firewall. I suspect this is what’s happening, although I recommend further testing and analysis to figure out the root cause. Also, sometimes tools with lower privilege levels have limitations. For your situation, I suggest trying traceroute and also verifying the firewall protocols. Given what you’ve described, the IP routing appears to be functional.

View other responses to this question on the IT Knowledge Exchange (please note: SearchEnterpriseWAN.com and IT Knowledge Exchange registration are the same): Able to ping L3 VPN but unable to do tracepath

Email your VPN-related questions to editor@searchenterprisewan.com

This was last published in March 2012

Why am I able to ping but not do tracepath over my Layer 3 VPN?

Our VPN expert explains why a Layer 3 VPN can ping but not do a tracepath from the client in this response.

Dig Deeper on Network Security

Ensuring a positive VPN deployment outcome

GRE IPsec tunnel and transport mode overhead

Are active-active network configurations possible over MPLS?

How can I allow and restrict user access on my VPN client?

Related Q&A from Rainer Enders

How can I allow and restrict user access on my VPN client?

How do I disable VPN passthrough? What are the pros and cons to disabling it?

Do Layer-3 MPLS VPNs need to have BGP-4 support?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchUnifiedCommunications

Everything Enterprise Connect 2020: News, trends and insights

Develop an effective unified communications security plan

Microsoft Teams vs. Zoom: Compare video conference platforms

SearchMobileComputing

The iOS 14 update offers little to enterprise users

Microsoft Authenticator for Android update adds options

Global smartphone sales took sizable hit in Q1

SearchDataCenter

A mechanical refrigeration system primer for admins

Red Hat Enterprise Linux 8.3 beta released

Data center power terms to give your vocab a jolt

SearchITChannel

ChannelCon 2020 speakers see room for innovation in economy

Channel business exit strategies during uncertain times

Digital transformation approaches favor speed in down market

Related Resources

Dig Deeper on Network Security

Ensuring a positive VPN deployment outcome

GRE IPsec tunnel and transport mode overhead

Are active-active network configurations possible over MPLS?

How can I allow and restrict user access on my VPN client?

Related Q&A from Rainer Enders

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.