Site-to-Site VPN can ping only directly connected LAN interface

Hi All,

Please we have a Site-to-Site VPN between a Head office with Maestro SMO (R81 T44) with VPN defined domain of and an assigned LAN interface of on the Maestro SMO object / Firewall object.

The remote site is an SMB appliance 1570R with R80.20, its VPN Domain is and an assigned LAN interface of

The VPN connection is up but we are only able to ping up to the Local LAN interfaces of the firewalls but not to any LAN connected devices that are directly plugged into the devices. e.g. A device at the Head Office with IP can only ping, but not say which is directly plugged into the 1570R.

The same reverse situation with pinging from say a device at Head Office with an IP of can ping but not which is directly connected.

On doing traceroute from the devices I realise that only pings to the LAN interfaces e.g. go through the tunnel, although the full subnets are defined correctly in the VPN domain. 


Any guidance is much appreciated. Thanks.

Routing issue on one of the sites, maybe? Run fw monitor traces on cleartext out of VPN tunnel to see where it disappears.

