only ping one way

shellfishtech
Level 1

I have a site-to-site VPN with IP schemes of Location E 192.168.100.x and Location W 192.168.101.x. A third-party vendor is requiring/requesting ping for their VoIP system. I can ping from Location W to Location E but not vice versa. I can ping the router inside interface (192.168.101.254, I believe) but not any of the hosts on the inside. Please help. I've checked all my ICMP references and they are as follows:

match protocol icmp

policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-cls-icmp-access
  inspect
class class-default
  pass

class type inspect sdm-cls-icmp-access

policy-map type inspect sdm-permit
class type inspect sdm-cls-icmp-access
  inspect
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply


Asim Malik
Level 1

Hi,

A few quick tests. Can you try disabling CEF and see if that makes any difference? Using an ACL on the private interface with the log keyword that matches the traffic will make the packets bypass CEF. Do you see any drops in the log? Also, will you be able to disable the zone-based firewall and test?
