cannot ping segment through L2L

ronshuster
Level 1

I have a site-to-site VPN tunnel between two sites that works very well. However, there is one segment on one of the ends that is not reachable. This is the error message I get when I attempt to ping:

1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:40|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:38|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

1|Dec 04 2008 17:01:36|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:36|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

1|Dec 04 2008 17:01:34|106021: Deny ICMP reverse path check from 10.0.166.3 to 192.168.200.1 on interface inside

4|Dec 04 2008 17:01:34|400014: IDS:2004 ICMP echo request from 10.0.166.3 to 192.168.200.1 on interface inside

The security policy (nonat + crypto's) includes this segment, so that's not the issue.

Any idea?

2 Replies

acomiskey
Level 10

Usually a routing problem. Could you post a show route?

You are right, the firewall was missing a route to the internal network. Thank you.
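The reverse path check behind message 106021, as an added example that is not part of the original thread: the firewall looks up the route back to the packet's source and denies the packet if that route does not point out the interface the packet arrived on. Both routing tables below are constructed (the thread never shows `show route`); the /24 masks, the 10.0.1.0/24 network and the default route via `outside` are assumptions.

```python
import ipaddress
import re

# Constructed routing tables (assumption: not taken from the thread).
# Each entry is (destination prefix, egress interface).
ROUTES_BEFORE = [
    ("0.0.0.0/0", "outside"),     # default route
    ("10.0.1.0/24", "inside"),    # constructed directly connected network
]
# After the fix: a route to the internal segment via the inside interface.
ROUTES_AFTER = ROUTES_BEFORE + [("10.0.166.0/24", "inside")]

# Matches the 106021 lines quoted in the post.
DENY_RE = re.compile(
    r"106021: Deny (\S+) reverse path check from (\S+) to (\S+) on interface (\S+)"
)

def best_route(routes, addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rpf_passes(routes, src, ingress_ifc):
    """Strict check: the route back to src must use the ingress interface."""
    return best_route(routes, src) == ingress_ifc

def explain(log_line, routes):
    """Return (src, ingress, route_interface, passes) for a 106021 line, else None."""
    m = DENY_RE.search(log_line)
    if not m:
        return None
    _proto, src, _dst, ifc = m.groups()
    return src, ifc, best_route(routes, src), rpf_passes(routes, src, ifc)

# One of the log lines from the post.
LINE = ("1|Dec 04 2008 17:01:40|106021: Deny ICMP reverse path check "
        "from 10.0.166.3 to 192.168.200.1 on interface inside")

if __name__ == "__main__":
    print("before:", explain(LINE, ROUTES_BEFORE))
    print("after: ", explain(LINE, ROUTES_AFTER))
```

With the constructed "before" table, the only route covering 10.0.166.3 is the default via `outside`, so a packet from that source arriving on `inside` fails the check; adding the specific route makes it pass.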
