12-04-2008 09:11 AM
I have a site-to-site VPN tunnel between two sites that works very well. However, there is one segment on one of the ends that is not reachable. This is the error message I get when I attempt to ping:
1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:38|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
1|Dec 04 2008 17:01:36|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:36|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
1|Dec 04 2008 17:01:34|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:34|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
The security policy (nonat + cryptos) includes this segment, so that's not the issue.
Any idea?
12-04-2008 10:10 AM
Usually a routing problem. Could you post a show route?
12-04-2008 12:24 PM
You are right, the firewall was missing a route to the internal network. Thank you.
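Added example (not part of the original thread, and not Cisco's code): a small model of the reverse path check behind syslog 106021, showing why a missing route to the 10.0.166.x segment makes the firewall drop its pings on the inside interface. The routing tables, the /24 masks and the default route via outside are constructed assumptions; only the log lines come from the thread.

```python
import ipaddress
import re

# Matches ASA syslog 106021 as it appears in the thread above.
RPF_DENY = re.compile(
    r"106021: Deny (\S+) reverse path check from (\S+) to (\S+) on interface (\S+)"
)

def parse_rpf_denies(lines):
    """Return (protocol, src, dst, interface) for every 106021 line."""
    return [m.groups() for m in map(RPF_DENY.search, lines) if m]

def lookup(routes, ip):
    """Longest-prefix match; routes is a list of (cidr, interface)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, ifc in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best

def rpf_check(routes, src, arrival_ifc):
    """Pass only if the route back to src points out the arrival interface."""
    best = lookup(routes, src)
    if best is None:
        return False, "no route to source"
    net, ifc = best
    if ifc != arrival_ifc:
        return False, f"route {net} points to {ifc}, packet arrived on {arrival_ifc}"
    return True, f"route {net} points to {ifc}"

# Log lines copied from the first post.
LOG = [
    "1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside",
    "4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside",
]

# Constructed routing tables (assumptions): default route via outside, /24 masks.
BEFORE = [("0.0.0.0/0", "outside"), ("10.0.1.0/24", "inside")]
AFTER = BEFORE + [("10.0.166.0/24", "inside")]  # the route that was missing

if __name__ == "__main__":
    for proto, src, dst, ifc in parse_rpf_denies(LOG):
        print(src, ifc, "before:", rpf_check(BEFORE, src, ifc))
        print(src, ifc, "after: ", rpf_check(AFTER, src, ifc))
```

With the BEFORE table the source only matches the default route, so the return path points to outside and the check fails on inside; adding the specific route makes the same packet pass.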