12-02-2010 06:46 AM - edited 02-21-2020 05:00 PM
Hi,
I am configuring a site-2-site vpn connection between ASA5505 and Checkpoint firewall.
In the logs it shows that IPsec phase 1 and 2 are getting completed but when my remote network tries to ping my local lan network it shows connection denied ICMP src XXXXX to dst XXXX denied (reason-8).
Please help me out to fix this issue,
Best regards,
Pulkit
12-02-2010 08:09 AM
I would suggest running a packet tracer on the ASA to see if the packet is flowing through fine or where it's getting dropped. Also see if there are any VPN filters configured for the tunnel.
See if other traffic is flowing fine through the tunnel. If yes, then check the icmp commands on the ASA to make sure it's not blocked.
12-05-2010 11:01 PM
12-06-2010 07:36 AM
Remove the management-only command from the management interface (which I assume is the LAN interface). And check logs to see if you are seeing any particular error messages. Set the logging buffered to debugging.
12-06-2010 10:11 PM
Hi,
3 site-to-site VPNs are already working on the same config, but for dest. 172.25.66.0 network it's not working.
I tried packet tracer also; it shows the packet is denied by access rule.
Is it possible that Checkpoint is blocking the flow?
Kindly suggest.
Regards,
Pulkit
12-07-2010 12:04 AM
Hi,
I don't see any Tx packets in VPN details. But shows RX bits.
Kindly suggest.
12-07-2010 08:51 AM
Hi Pulkit,
Could you attach the packet-tracer output here? We could have a look at that and get back to you with something then!