nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Network Weirdness

jude56g

I'm at home connecting to a remote network via a VPN and I have noticed some wierdness which I can't explain. I'm hoping someone can identify what I am seeing and offer an explanation.

1. Here is the result of an ipconfig

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 4: <<< This is my VPN adapter.

Connection-specific DNS Suffix . : corp.cox.com
IP Address. . . . . . . . . . . . : 10.10.1.89
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1

The 192.x.x.x comes from my wireless router.
The 10.x.x.x is assigned by DHCP after the VPN connects.
Notied the Default Gateway on the 192.x.x.x adapter is suppressed after the VPN connects.

2. I ping the Default Gateway on the enterprise LAN.

Pinging 10.10.1.1 with 32 bytes of data:

Reply from 10.10.16.4: TTL expired in transit.
Reply from 10.10.16.4: TTL expired in transit.
Reply from 10.10.16.4: TTL expired in transit.
Reply from 10.10.16.4: TTL expired in transit.

I get a expired in transit message from a host in another subnet. I find this weird, I would expect to see an expired in transit message from a host which is beyond my gateway.

3. I attempt a trace to my gateway and again the results are weird.

Tracing route to 10.10.1.1 over a maximum of 30 hops

1 11 ms 9 ms 12 ms 10.10.16.4
!!! LINES OMITED FOR BREVITY
30 15 ms 15 ms 14 ms 10.10.16.4

4. I trace to this host on another subnet and the results make it look like we are on the same subnet since there are no intermediary hops.

Tracing route to 10.10.16.4 over a maximum of 30 hops

1 16 ms 10 ms 10 ms 10.10.16.4

Trace complete.

So my question is why would I not be able to ping my gateway, and why am I seeing these weird ping/trace results? Any ideas?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

dtlokee

From the perspective of the VPN it looks like one hop to the VPN head end device so you wouldn't see any of the "internet" hops in a traceroute output.

jude56g

dtlokee wrote: »

From the perspective of the VPN it looks like one hop to the VPN head end device so you wouldn't see any of the "internet" hops in a traceroute output.

That was my assumption from the get go, I wouldn't expect to see any of the public hops between me and the VPN concentrator. However, the thing that troubles me is once I'm connected to the VPN, and logically a part of the enterprise LAN, my connection to the enterprise gateway appears to be on the far side of the 10.10.16.4, as opposed to being in the same subnet to which I belong. Perhaps I do not fully understand how the VPN works operationally..

pham0329

Do a route print on your pc to see what the routing table looks like.

dtlokee

jude56g wrote: »

Ethernet adapter Local Area Connection 4: <<< This is my VPN adapter.

Connection-specific DNS Suffix . : corp.cox.com
IP Address. . . . . . . . . . . . : 10.10.1.89
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1

Looking at that you are on the same subnet as the default gateway... or maybe I don't understand the question.

jude56g

dtlokee wrote: »

Looking at that you are on the same subnet as the default gateway... or maybe I don't understand the question.

Yes, I am on the same subnet as the DG, but I can't successfully ping it.

But, the part that is confusing is that the "expired in transit" message is coming from a host on a different subnet.

Monkerz

Do you know what 10.10.16.4 is?

Do a 'netstat -rn' and paste the output in here.

What VPN client are you using? M$, Cisco, Juniper...?

dtlokee

What is 10.10.1.1? It may be configured not to respond to ping requests. Can you ping beyond it successfully? In some cases it's not even a real address.