
Who Me Too'd this topic

PA dropping packets on their return path

L3 Networker

Hi

I have a simple L3 setup.

E1/1 connected to a router (default gateway to the internet). IP 192.168.119.2, untagged Zone VLAN1

E1/2.2 connected to a switch (VLAN 2 tagged). IP 10.2.2.1 (default gateway for the 10.2.2.0/24 network), Zone VLAN2

I have a default allow-all rule, no NAT (VLAN2 to VLAN1).

A ping from 10.2.2.51 to 8.8.8.8 doesn't work, so I started troubleshooting.

Monitor shows 10.2.2.51 to 8.8.8.8, Application "ping" allow

It does not mention any drops.

I did a tcp dump on the internet gateway and I do see request and reply getting in and out. All correct source / destination.

I did a tcp dump on the PA. I see the following in the 4 pcap files:

Receive: Echo request and reply

Transmit: only Echo Request

Firewall: Echo Request and reply

Drop: Echo reply

So, the question which drives me crazy is: Why is the PA dropping the echo reply packets and why is it not telling me that it has done so?

Thanks a lot in advance.

Andre
