I cannot ping anything on the internal corporate subnet, but I can ping the systems that are attached via VPNs. Everything works fine otherwise. All systems on the corporate subnet can ping the router and can access the internet, but the router seems to be having trouble seeing them.
Here is the get route output.
IPv4 Dest-Routes for <untrust-vr> (0 entries)
--------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent 😧 Auto-Discovered
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2
IPv4 Dest-Routes for <trust-vr> (21 entries)
--------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------
* 5 0.0.0.0/0 eth0/0 66.196.199.249 C 0 1 Root
* 4 10.201.180.0/32 bgroup0 0.0.0.0 H 0 0 Root
15 10.201.188.0/24 tun.1 0.0.0.0 S 20 1 Root
17 10.201.190.0/24 tun.1 0.0.0.0 S 20 1 Root
16 10.201.191.0/24 tun.1 0.0.0.0 S 20 1 Root
11 10.201.184.0/24 tun.1 0.0.0.0 S 20 1 Root
7 10.201.185.0/24 tun.1 0.0.0.0 S 20 1 Root
19 10.201.186.0/24 tun.1 0.0.0.0 S 20 1 Root
14 10.201.187.0/24 tun.1 0.0.0.0 S 20 1 Root
* 3 10.201.180.0/24 bgroup0 0.0.0.0 C 0 0 Root
9 10.201.181.0/24 tun.1 0.0.0.0 S 20 1 Root
8 10.201.182.0/24 tun.1 0.0.0.0 S 20 1 Root
* 2 66.196.199.250/32 eth0/0 0.0.0.0 H 0 0 Root
* 1 66.196.199.248/29 eth0/0 0.0.0.0 C 0 0 Root
21 10.201.196.0/24 tun.1 0.0.0.0 S 20 1 Root
13 10.201.197.0/24 tun.1 0.0.0.0 S 20 1 Root
10 10.201.198.0/24 tun.1 0.0.0.0 S 20 1 Root
6 10.201.199.0/24 tun.1 0.0.0.0 S 20 1 Root
12 10.201.192.0/24 tun.1 0.0.0.0 S 20 1 Root
20 10.201.193.0/24 tun.1 0.0.0.0 S 20 1 Root
18 10.201.194.0/24 tun.1 0.0.0.0 S 20 1 Root
Its Route ID #4 that I am suspicious of.
Here is a ping output for the corporate subnet.
Target IPv4 address:10.201.180.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds[1]:
Source interface:bgroup0
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.201.180.5, timeout is 1 seconds
.....
Success Rate is 0 percent (0/5)
Here is a ping output for a VPN subnet.
Target IPv4 address:10.201.185.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds[1]:
Source interface:bgroup0
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.201.185.5, timeout is 1 seconds from bgroup
0
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=16/19/22 ms
I know that 10.201.180.5 can see the router, I'm using it to configure it.