Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site ICMP traffic blocked?

Hi I have two asa 5500 with a site to site tunnel. Everything on the small location works fine. But from the large location we cannot ping the host on the small location and vice versa. The small location can use internet over the large location. But also fileshares do not work.

How do I transparantly open the site to site tunnel?

When I ping from the large location in the network to a host on the small location I see in the 5550:

Deny inbound icmp src inside:  dst inside: (type 8, code 0)

Thx Marc

The large location has a 5550 and the small one a 5505.

Cisco Employee

Re: Site to Site ICMP traffic blocked?


I'm a bit confused by the description, you say at the small site everything works fine but then later you say that ping and file shares don't work? Can you clarify what exactly works (only internet?) and what doesn't (all access to the main site?) ?

In any case, from that error you quote, this sounds like a routing issue: note that it says  "src inside:  dst inside:" so it thinks the destination is on the inside (while it should be on the outside, across the vpn tunnel).

If you'd like some help troubleshooting this further, we'll need more details - would you mind posting your configs and the full syslog message?