Hello all,
I am hoping someone else has seen this issue and can provide some insight. We performed the above-mentioned upgrade and have since lost ICMP traffic from our DMZ to the outside. All ICMP traffic passes fine from inside->outside or inside->DMZ. All ICMP originating from the DMZ fails and produces the following logging message:
6 | Feb 01 2018 | 12:19:39 | 110003 | 192.168.3.144 | 46341 | 8.8.8.8 | 0 | Routing failed to locate next hop for ICMP from DMZ:192.168.3.144/46341 to inside:8.8.8.8/0
Obviously, 8.8.8.8 is not on our inside network, and we experienced no issues before the upgrade to 9.1.7.20. Below are the relevant NAT rules, and we are allowing ICMP echo, echo-reply, information-reply, and information-request in/out of the DMZ, in/out of OUTSIDE, and into INSIDE.
object network nat-Columbia-Ironport-DMZ
 host 192.168.3.144
object network nat-Columbia-Ironport-DMZ
 nat (DMZ,outside) static 74.4.20.144