Re: ASA5510 VPN/NAT

jadeagro · ‎01-31-2007

Hello all,

I am having an issue with one of our VPN's that was recently setup and I am seeing ICMP errors. When I send a simple ping test to the destination IP, I am seeing the following messages while running the debug log-viewer:

208.x.x.x|Built ICMP connection for faddr 172.x.x.x/0 gaddr 208.x.x.x/512 laddr 208.x.x.x/512

6|Jan 31 2007|17:37:27|302020|172.x.x.x|10.x.x.x|Built ICMP connection for faddr 172.x.x.x/0 gaddr 208.x.x.x/512 laddr 10.x.x.x Jan 31 2007|17:37:27|609001|172.x.x.x||Built local-host internet:172.x.x.x

Denied ICMP type=0, code=0 from 172.x.x.x on interface internet

4|Jan 31 2007|17:37:27|313004|||Denied ICMP type=0, from laddr 172.x.x.x on interface internet to 208.x.x.x: no matching session

I do not have access to the firewall at the other end of the VPN, however I did contact the admin and he verified that the packets successfully came in and out. So I am not sure why I am getting the Denied ICMP and No Matching session error. Any help would be appreciated.

Thanks,

JD

talisman1310 · ‎01-31-2007

What is the device at your site and the remote dite?

When using a 7600series router with a VAC card you can create a loopback with the IP configured in the encrytion domain and try to ping the destination host.

ping source loopback