Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
0
Helpful
1
Replies

Site to Site ICMP traffic blocked?

MJonkers
Level 1
Level 1

‎12-07-2009 08:26 AM

Hi I have two asa 5500 with a site to site tunnel. Everything on the small location works fine. But from the large location we cannot ping the host on the small location and vice versa. The small location can use internet over the large location. But also fileshares do not work.

How do I transparantly open the site to site tunnel?

When I ping from the large location in the network to a host on the small location I see in the 5550:

Deny inbound icmp src inside:  dst inside: (type 8, code 0)

Thx Marc

The large location has a 5550 and the small one a 5505.

Labels:
0 Helpful
1 Reply 1

Herbert Baerten
Cisco Employee
Cisco Employee

‎12-08-2009 03:42 AM

Marc,

I'm a bit confused by the description, you say at the small site everything works fine but then later you say that ping and file shares don't work? Can you clarify what exactly works (only internet?) and what doesn't (all access to the main site?) ?

In any case, from that error you quote, this sounds like a routing issue: note that it says  "src inside:  dst inside:" so it thinks the destination is on the inside (while it should be on the outside, across the vpn tunnel).

If you'd like some help troubleshooting this further, we'll need more details - would you mind posting your configs and the full syslog message?

hth

Herbert

0 Helpful
Customers Also Viewed These Support Documents