12-04-2008 09:11 AM
I have a site-to-site VPN tunnel between two sites that works very well. However, there is one segment on one of the ends that is not reachable. This is the error message I get when I attempt to ping:
1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:38|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
1|Dec 04 2008 17:01:36|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:36|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
1|Dec 04 2008 17:01:34|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside
4|Dec 04 2008 17:01:34|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside
The security policy (nonat + crypto's) includes this segment, so that's not the issue.
Any idea?
12-04-2008 10:10 AM
Usually a routing problem. Could you post a show route?
12-04-2008 12:24 PM
You are right, the firewall was missing a route to the internal network. Thank you.
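The reverse-path check behind the 106021 denies above, modeled as an added example (not code from the thread or from Cisco): it parses the logged denies and tests each source against a routing table the way a strict reverse-path check does. The two routing tables and the function names are constructed for illustration, since the thread never shows the real `show route` output.

```python
import ipaddress
import re

# Matches the 106021 message format shown in the thread.
RPF_DENY = re.compile(
    r"106021: Deny (?P<proto>\S+) reverse path check from (?P<src>\S+) "
    r"to (?P<dst>\S+) on interface (?P<ifc>\S+)"
)

def parse_rpf_denies(lines):
    """Return unique (source, ingress interface) pairs from 106021 messages."""
    pairs = []
    for line in lines:
        m = RPF_DENY.search(line)
        if m and (m["src"], m["ifc"]) not in pairs:
            pairs.append((m["src"], m["ifc"]))
    return pairs

def best_route(routes, addr):
    """Longest-prefix match; routes is a list of (prefix, interface)."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), i) for p, i in routes if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def rpf_verdict(routes, src, ingress):
    """Strict check: the best route back to src must use the ingress interface."""
    route = best_route(routes, src)
    if route is None:
        return "deny: no route to source"
    net, ifc = route
    if ifc != ingress:
        return f"deny: {net} points to {ifc}, packet arrived on {ingress}"
    return f"pass: {net} via {ingress}"

# Two log lines copied from the thread (one deny, one IDS notice that must be ignored).
LOG = [
    "1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside",
    "4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside",
]
# Constructed routing tables: before and after adding the missing inside route.
ROUTES_BEFORE = [("0.0.0.0/0", "outside"), ("10.0.160.0/24", "inside")]
ROUTES_AFTER = ROUTES_BEFORE + [("10.0.166.0/24", "inside")]

def explain(routes):
    return {src: rpf_verdict(routes, src, ifc) for src, ifc in parse_rpf_denies(LOG)}

if __name__ == "__main__":
    for table in (ROUTES_BEFORE, ROUTES_AFTER):
        print(explain(table))
```

With the constructed "before" table the source only matches the default route toward outside, which is the condition that produces the deny on inside; adding a route for the segment via inside makes the same packet pass.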