Site to Site ICMP traffic blocked?

Unanswered Question
Dec 7th, 2009

Hi, I have two ASA 5500s with a site-to-site tunnel. Everything on the small location works fine. But from the large location we cannot ping the host on the small location and vice versa. The small location can use internet over the large location. But also file shares do not work.

How do I transparently open the site-to-site tunnel?

When I ping from the large location in the network to a host on the small location I see in the 5550:

Deny inbound icmp src inside:  dst inside: (type 8, code 0)

Thx Marc

The large location has a 5550 and the small one a 5505.

Herbert Baerten Tue, 12/08/2009 - 03:42

Marc,

I'm a bit confused by the description: you say at the small site everything works fine, but then later you say that ping and file shares don't work? Can you clarify what exactly works (only internet?) and what doesn't (all access to the main site?)?

In any case, from that error you quote, this sounds like a routing issue: note that it says  "src inside:  dst inside:" so it thinks the destination is on the inside (while it should be on the outside, across the vpn tunnel).

If you'd like some help troubleshooting this further, we'll need more details - would you mind posting your configs and the full syslog message?

hth

Herbert
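
Herbert's reading of the message, as an added example that is not part of the thread: a Python triage that parses "Deny inbound icmp" lines and separates those where source and destination resolve to the same interface. The function names and the sample lines carrying addresses are constructed for illustration.

```python
import re

# Body of the ASA "Deny inbound icmp" message quoted in the thread. Addresses are
# optional because the page's copy has them stripped (IPv4 only, an assumption).
DENY_ICMP = re.compile(
    r"Deny inbound icmp src (?P<src_if>[^:\s]+):\s*(?P<src_ip>[\d.]*)\s+"
    r"dst (?P<dst_if>[^:\s]+):\s*(?P<dst_ip>[\d.]*)\s*"
    r"\(type (?P<type>\d+), code (?P<code>\d+)\)"
)
ICMP_TYPES = {0: "echo-reply", 3: "unreachable", 8: "echo-request", 11: "time-exceeded"}

# First line is the message as it appears on the page; the rest are constructed.
SAMPLE = [
    "Deny inbound icmp src inside:  dst inside: (type 8, code 0)",
    "%ASA-3-106014: Deny inbound icmp src inside:10.1.1.10 dst inside:10.2.2.20 (type 8, code 0)",
    "%ASA-3-106014: Deny inbound icmp src outside:198.51.100.7 dst inside:10.1.1.10 (type 8, code 0)",
    "unrelated line that is not a deny message",
]

def parse_deny(line):
    """Return the fields of one deny message, or None if the line is something else."""
    m = DENY_ICMP.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["type"], rec["code"] = int(rec["type"]), int(rec["code"])
    rec["icmp"] = ICMP_TYPES.get(rec["type"], "type-%d" % rec["type"])
    # Same interface on both sides: the firewall places the destination behind
    # the interface the packet arrived on, not across the tunnel.
    rec["same_interface"] = rec["src_if"] == rec["dst_if"]
    return rec

def triage(lines):
    """Split parsed denies into (same-interface, crossing-interface) lists."""
    hairpinned, crossing = [], []
    for line in lines:
        rec = parse_deny(line)
        if rec is not None:
            (hairpinned if rec["same_interface"] else crossing).append(rec)
    return hairpinned, crossing

if __name__ == "__main__":
    hairpinned, crossing = triage(SAMPLE)
    for rec in hairpinned:
        print("same-interface deny (%s -> %s, %s): destination resolved to the "
              "ingress interface, check routing" % (rec["src_if"], rec["dst_if"], rec["icmp"]))
    print("%d same-interface, %d crossing" % (len(hairpinned), len(crossing)))
```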
