02-21-2014 02:45 AM - edited 02-21-2020 07:31 PM
We are using Site to Site VPN for our branch offices. It was working fine, but suddenly we found that the branch LANs are not pinging from the HUB.
We are using an ASA 5520 at the HUB and SonicWall TZ100 at the spokes.
The IPsec tunnel is up, users at the spokes are working, and the hub is reachable from the spokes. The HUB LAN IP is pinging from the spokes' LAN IP.
Packet trace results: packet dropped due to implicit deny rule for inside.
02-24-2014 09:36 AM
There is not much detail here to work with. But based on the description I would guess that the access lists that define the traffic to be carried through the tunnel include most user traffic but do not include these pings.
HTH
Rick
02-24-2014 03:07 PM
Have you modified your Crypto ACL to include ICMP and not just IP?
02-24-2014 07:54 PM
Hi Chris,
Yes, I have modified the Crypto ACL for ICMP and IP, but it's still not pinging from the ASA inside to the SonicWall LAN.
Reverse ping is working fine.
02-24-2014 08:09 PM
Would need to see your ACLs and config. Do you have a NAT exemption? What are your inside standard ACL rules? Might be conflicting.
03-17-2014 07:06 PM