Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 3874 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traceroute over IPSec VPN - Remote FW Not Visible

hspcd
Hi,
Does anyone know how we make the remote end ASG on our IPSec VPN tunnels visible in a traceroute?

When we run a traceroute from one side of a VPN tunnel we see the local-side ASG as a hop but not the remote side.

Thanks
-Clay


This thread was automatically locked due to age.
  • 0
    Hi, how do you have the ICMP settings configured on the remote ASG?

    Barry
  • 0 in reply to BarryG
    Both firewalls are configured identically.  From either side of the tunnel, the firewall on the remote end is not visible in the hops list.

    The following are all enabled on both firewalls:

    Allow ICMP on firewall
    Allow ICMP through firewall
    Log ICMP redirects

    Firewall is Ping visible
    Ping from Firewall
    Firewall forwards Pings

    Firewall is Traceroute visible
    Firewall forwards Traceroute