I am configuring a site-2-site VPN connection between ASA5505 and Checkpoint firewall.
In the logs it shows that IPsec phase 1 and 2 are getting completed, but when my remote network tries to ping my local LAN network it shows connection denied ICMP src XXXXX to dst XXXX denied (reason-8).
Please help me out to fix this issue.
I would suggest running a packet tracer on the ASA to see if the packet is flowing through fine or where it's getting dropped. Also see if there are any VPN filters configured for the tunnel.
See if other traffic is flowing fine through the tunnel. If yes, then check the icmp commands on the ASA to make sure it's not blocked.
Remove the management-only command from the management interface (which I assume is the LAN interface). And check logs to see if you are seeing any particular error messages. Set the logging buffered to debugging.
3 site-to-site VPNs are already working on the same config, but for the dest. 172.25.66.0 network it's not working.
I tried packet tracer also; it shows the packet is denied by an access rule.
Is it possible that Checkpoint is blocking the flow?
Could you attach the packet-tracer output here? We could have a look at that and get back to you with something then!