AnsweredAssumed Answered

ICMP is sometimes drop when send via IPSec Tunnel

Question asked by Lukas Nagy on Apr 27, 2018
Latest reply on Oct 18, 2018 by Sander Zumbrink

Hello,

 

I've encountered issue when sending ICMP ping to between hosts when sending through Site-to-site IPSec tunnel. Pings works for 5 minutes and then it stop working for few minutes.

 

Here is the output of fw zdebug drop when pings stop working:

 

;[cpu_1];[fw4_0];fw_log_drop_conn: Packet <dir 1, x.x.x.x:1285 -> y.y.y.y:0 IPP 1>, dropped by do_outbound, Reason: encryption failed;

 

Other traffic like SSH, VMWare VDP backups works without any issue.

 

I couldn't find any Secure knowledge regarding this issue, any pointers for further analysis?

 

Thank you.

Outcomes