
cannot ping segment through L2L

ronshuster
Level 1

I have a site-to-site VPN tunnel between two sites that works very well. However, there is one segment on one of the ends that is not reachable. This is the error message I get when I attempt to ping:

1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:38|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

1|Dec 04 2008 17:01:36|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:36|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

1|Dec 04 2008 17:01:34|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:34|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

The security policy (nonat + crypto's) includes this segment, so that's not the issue.

Any idea?

2 Replies

acomiskey
Level 10

Usually a routing problem. Could you post a show route?

You are right, the firewall was missing a route to the internal network. Thank you.
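
An added example (not part of the thread, and not Cisco code): a small Python model of the reverse path check behind message 106021, run against log lines from the post, showing why the ping is denied until a route to the segment exists via `inside`. The routing tables, the /24 mask and the `outside` interface name are assumptions made for illustration.

```python
import ipaddress
import re

# Two of the log lines from the post above.
LOG = """\
1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
"""

RPF_DENY = re.compile(
    r"106021: Deny (\S+) reverse path check from (\S+) to (\S+) on interface (\S+)")

def parse_rpf_denies(text):
    """Return (source, ingress_interface) for every 106021 line."""
    return [(m.group(2), m.group(4)) for m in RPF_DENY.finditer(text)]

def lookup(routes, addr):
    """Longest-prefix match; routes is a list of (prefix, interface)."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def rpf_verdict(routes, src, ingress):
    """Model of the check: the route back to the source must point
    out of the interface the packet arrived on."""
    egress = lookup(routes, src)
    if egress is None:
        return "deny: no route to source"
    if egress != ingress:
        return f"deny: source routes via {egress}, arrived on {ingress}"
    return "permit"

# Constructed routing tables (assumptions, not taken from the post).
BEFORE = [("0.0.0.0/0", "outside")]               # only a default route
AFTER = BEFORE + [("10.0.166.0/24", "inside")]    # route to the segment added

def diagnose(text, routes):
    """Map each denied source address to the verdict under `routes`."""
    return {src: rpf_verdict(routes, src, ifc)
            for src, ifc in parse_rpf_denies(text)}

if __name__ == "__main__":
    print("before:", diagnose(LOG, BEFORE))
    print("after: ", diagnose(LOG, AFTER))
```

The 400014 line is ignored by the parser: it is the IDS signature noting the echo request, while 106021 is the actual drop.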