Help Center/ Virtual Private Network/ Troubleshooting/ Successful Client Connection but Unavailable Services/ A Client Cannot Ping an ECS IP Address
Updated on 2025-02-05 GMT+08:00
View PDF
Share

A Client Cannot Ping an ECS IP Address

Symptom

A client is connected to a P2C VPN gateway, but cannot ping an ECS IP address.

Possible Causes

  • Ping detection is disabled on the client device or ECS.
  • Ping detection packets are denied by a security group of the ECS.
  • The local CIDR block of the VPN gateway does not contain the IP address of the ECS to be accessed.
  • The user group to which the user belongs is not configured, or the user group is not configured with the corresponding access policy.
  • After the specified IP address of a client is changed and the client automatically reconnects to the server, the route to the local subnet is not generated in the routing table on the Windows operating system.

Procedure

  • Check whether ping detection is disabled in an access control policy of the client device or ECS.

    If so, modify the policy to permit ping detection. For the Windows operating system, you also need to modify the inbound rules of the firewall to permit ICMPv4-In.

  • Verify that the inbound and outbound rules in the ECS's security group permit ICMP packets.
  • On the Server tab page of the VPN gateway, change the local CIDR block to include the IP address of the ECS to be accessed. Then, disconnect the client, reconnect it, and run the following command to check whether the client device receives the route advertised by the VPN gateway:
    • Windows operating system: route print command
    • Linux operating system: ip route show all command
  • On the user management page of the server, configure the user group to which the user belongs or configure an access policy for the user group.
  • Check the local CIDR block and client address pool configured on the server.
    • Local CIDR block: 192.168.1.XX
    • Client address pool: 172.16.0.0

    On the client, check whether the route to the local CIDR block is generated.

    • If the route is generated, the IP address assigned to the client is 172.16.0.5.
      The command output is as follows: 
      IPv4 Routing Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
     192.168.1.XX   255.255.255.0           172.16.0.0      172.16.0.5    281
     192.168.2.XX   255.255.255.0           172.16.0.0      172.16.0.5    281
     192.168.3.XX   255.255.255.0           172.16.0.0      172.16.0.5    281
===========================================================================
    • If the route is not generated, disconnect the client and reconnect it.