Ping Replies Not Received
Technical Note 2112
Last Reviewed 11-May-2007
Applies To
NetMotion Mobility Client
Summary
When using Mobility in a secure network configuration, a ping test may not receive replies as expected. This technical note provides information on that situation.
Explanation
Mobility will tunnel ping (ICMP) traffic, just as it tunnels TCP and UDP traffic. In normal situations—with the Mobility client connected—ping should behave just like your TCP and UDP applications: when ping traffic is generated on the Mobility client, the Mobility server proxies the traffic and the pings go out on the LAN the Mobility server resides on.
But there are a few differences in the way Mobility handles ICMP traffic vs. TCP and UDP traffic:
Mobility will tunnel ICMP only on Windows 2000 and Windows XP, not on Windows 98 or Windows CE.
To selectively bypass ping while connected (sending the pings out on the client's local network outside of the Mobility tunnel), use the -v 255 switch. For example:
ping www.yahoo.com -v 255
You can also just put the Mobility client into Bypass mode, in which case you don't have to use any special switches.
Pings from a connected client leave the Mobility server with the server's IP address as the source rather than the client's virtual IP address. This is unique to ICMP traffic—all other traffic leaves the server with the client's virtual IP address as the source.
This can sometimes fool you into thinking that a client's virtual IP address can reach a remote host. For example, you could have an access control list (ACL) set up on a router or firewall that prevents certain IP addresses from reaching a remote subnet. If the ACL is configured to allow the server's IP address to reach that subnet but not the virtual IP address, you might be able to ping the subnet from a client, but not reach it with any TCP or UDP applications.
A ping from a remote host to a client's virtual IP address is answered by the server: the client never sees the ping, and no Mobility traffic is generated between the server and client. Thus pings from a remote host aren't useful in troubleshooting a client-server connection, but they're useful in making sure a remote host can see the client's virtual IP address.
This also affects your ability to measure the round-trip time between a remote host and the client. If you ping from the remote host you are measuring only the round trip to the server and back. Instead, originate the ping on the client, have it go through the Mobility server, and then to the remote host. In this case the ping measures the entire round trip from the client to the remote host and back to the client.
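The ACL situation described above can be checked on paper before trusting a ping result. The following is an added example, not part of the original technical note or of NetMotion's software: it models a simplified source/destination ACL (first match wins, implicit deny) and reports destinations where a client's ping passes but its TCP and UDP traffic does not. All addresses, rules and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values for illustration; none come from the technical note.
SERVER_IP = "10.0.0.5"        # Mobility server's LAN address (assumed)
CLIENT_VIP = "10.0.50.17"     # one client's virtual IP address (assumed)
ACL = [                       # (action, source network, destination network)
    ("permit", "10.0.0.5/32", "192.168.20.0/24"),
    ("deny", "10.0.50.0/24", "192.168.20.0/24"),
    ("permit", "10.0.0.0/8", "192.168.30.0/24"),
]


def acl_allows(acl, src, dst):
    """Simplified ACL model: first matching rule wins, implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False


def source_seen_by_acl(protocol, server_ip, client_vip):
    """Tunneled ICMP leaves the server with the server's address as source;
    all other traffic leaves with the client's virtual IP address."""
    return server_ip if protocol == "icmp" else client_vip


def reachability(acl, server_ip, client_vip, dst):
    """Return (ping_passes, tcp_udp_passes) for one destination address."""
    ping = acl_allows(acl, source_seen_by_acl("icmp", server_ip, client_vip), dst)
    data = acl_allows(acl, source_seen_by_acl("tcp", server_ip, client_vip), dst)
    return ping, data


def misleading_destinations(acl, server_ip, client_vip, destinations):
    """Destinations where a client ping succeeds but TCP/UDP is blocked."""
    return [d for d in destinations
            if reachability(acl, server_ip, client_vip, d) == (True, False)]


if __name__ == "__main__":
    targets = ["192.168.20.10", "192.168.30.10", "192.168.40.10"]
    for dst in targets:
        print(dst, reachability(ACL, SERVER_IP, CLIENT_VIP, dst))
    print("ping is misleading for:",
          misleading_destinations(ACL, SERVER_IP, CLIENT_VIP, targets))
```

Any destination this reports is one where a successful ping from the client says nothing about whether the client's virtual IP address is permitted.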
Using Ping to Troubleshoot Connectivity Problems
Ping is often used in troubleshooting connectivity problems. Keep the following in mind when testing connectivity on a device that has the Mobility client installed:
If the Mobility client is enabled but not connected, the ping traffic is proxied into a tunnel that doesn't have an end point, and the pings fail. When troubleshooting problems with the Mobility client connecting to the Mobility server, you should put the client into Bypass mode before using ping. This lets you test the connectivity of the network that the client is currently on.
Firewalls are often configured to not pass ICMP traffic in order to prevent security issues, such as address scanning (target identification), and historical problems associated with buffer overflows ("ping of death"). Thus, even though your Mobility client may connect through the firewall to your Mobility server, ping is not getting through. Make sure that you can ping the firewall from a known working device, or try pinging something that's less likely to block ICMP traffic, such as a DNS server.
Alternatives
In Mobility XE 6.50 and higher you can test connectivity between a Mobility client and server from the client properties. The Connectivity tool runs a test very similar to ping, but instead of using ICMP it uses the same UDP port through which the client connects to the server. Thus it can navigate through your firewall if the firewall is configured to allow Mobility traffic, and test the connectivity all the way to the server:
Open the NetMotion Client Properties (right-click on the Mobility XE icon in the System tray and select Properties).
Click on Diagnostics.
In the Mobility Diagnostics window, click on Connectivity.
In Mobility 6.01 and earlier, use the command-line utility, Tellmes.exe.
Related Information
1519 | Microsoft IP Utilities Function Differently when Using NetMotion Mobility Client
9979 | NetMotion Mobility Technical Notes