I created two sub-interfaces on a vEdge router - ge0/1.10 and ge0/1.11. They are in the same VPN.
ge0/1.10 has IP address 10.1.10.1 (VLAN 10)
ge0/1.11 has IP address 10.1.11.1 (VLAN 11)
I have ge0/1 connected to a Cisco layer 2 switch as a trunk port. It's a "router on a stick" configuration.
I have computers connected to the L2 switch in VLAN 10 (PC1) and VLAN 11 (PC2), with their default GW set to the corresponding vEdge IP (10.1.10.1 and 10.1.11.1).
Here's my observation:
1) PC1 in VLAN 10 can ping both VLAN GWs (10.1.10.1 and 10.1.11.1)
2) PC1 in VLAN 10 cannot ping PC2 in VLAN 20.
3) Return code is "ICMP type:3, code:3, Destination port unreachable"
4) If PC1 in VLAN 10 tries to ping a nonexistent endpoint in VLAN 20, it gets a different return code.
Based on the above, it looks like the vEdge router is purposely blocking ICMP across VLANs. Is there any way to enable that? Thanks!