
Pass ICMP across L2L VPN

Beginner

Hi All.

I am attempting to set up an L2L IPsec tunnel in a lab environment to isolate some problems that a client is having with his production network.

I want to be able to ping back and forth between the two sites so that I can determine when the link fails.  I am able to successfully ping from host A (behind ASA #1) to host B (behind ASA #2) but cannot successfully ping in the other direction (from host B to host A).

I ran debug ICMP and I can see ping requests coming in to ASA 1 but there is no return traffic.

I then ran packet-tracer and it shows a drop on phase 7 (Type VPN).  It says that it was dropped by a configured rule but gives no indication what ACE, let alone what ACL is blocking.

How can I determine how to fix the issue so that I can ping back and forth and conduct my tests?

I've attached a copy of the configs, along with the output of packet-tracer, and the one marked 'Hub' is the one having the issue.

Thanks.

1 Comment
Cisco Employee

Hi Christine,

Can you check if the traffic reaches host A from host B?

Just use Wireshark on the adapter and you would be able to find it?

Regards,

Aditya