cannot ping segment through L2L

Dec 4th, 2008

I have a site-to-site VPN tunnel between two sites that works very well. However, there is one segment on one of the ends that is not reachable. This is the error message I get when I attempt to ping:

1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:38|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

1|Dec 04 2008 17:01:36|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:36|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

1|Dec 04 2008 17:01:34|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:34|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

The security policy (nonat + cryptos) includes this segment, so that's not the issue.

Any idea?

ronshuster Thu, 12/04/2008 - 12:24

You are right, the firewall was missing a route to the internal network. Thank you.
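The following is an added example, not part of the original posts: it parses the 106021 lines quoted in the question and replays the reverse path check against a route table, showing why the source is denied until a route to its segment points at the arrival interface. The route tables, the /24 prefix lengths, the 10.0.160.0/24 network and the interface name `outside` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: lines copied from the log quoted in the question.
SAMPLE_LOG = """\
1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
1|Dec 04 2008 17:01:36|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
"""

# Matches message 106021 in the pipe-delimited layout shown in the question.
RPF_DENY = re.compile(
    r"\|106021: Deny (?P<proto>\S+) reverse path check "
    r"from (?P<src>\S+) to (?P<dst>\S+) on interface (?P<ifc>\S+)"
)

def parse_rpf_denies(log_text):
    """Return unique (source address, ingress interface) pairs from 106021 lines."""
    seen = []
    for line in log_text.splitlines():
        m = RPF_DENY.search(line)
        if m:
            key = (ipaddress.ip_address(m["src"]), m["ifc"])
            if key not in seen:
                seen.append(key)
    return seen

def lookup(routes, addr):
    """Longest-prefix match over a list of (network, interface) routes."""
    hits = [(net, ifc) for net, ifc in routes if addr in net]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def explain(log_text, routes):
    """Per denied source: (src, ingress, interface the route table picks, passes check)."""
    report = []
    for src, ingress in parse_rpf_denies(log_text):
        best = lookup(routes, src)
        egress = best[1] if best else None
        report.append((str(src), ingress, egress, egress == ingress))
    return report

def routes_from(pairs):
    return [(ipaddress.ip_network(n), i) for n, i in pairs]

# Hypothetical route tables: before and after adding the missing inside route.
BEFORE = routes_from([("0.0.0.0/0", "outside"), ("10.0.160.0/24", "inside")])
AFTER = BEFORE + routes_from([("10.0.166.0/24", "inside")])
```

With `BEFORE`, the only match for 10.0.166.3 is the default route via `outside`, so a packet from that address arriving on `inside` fails the check; with `AFTER`, the more specific route wins and the check passes.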
