Ping not working in Routed (VTI) interface
-
I have successfully configured an IPSec tunnel between 192.168.150.0 (local network) and 10.10.0.0 (remote network).
I use VTI Phase2:
- local endpoint is 172.30.2.1/30
- remote endpoint is 172.30.2.2/30
The same configuration is applied (mirrored) on the remote FW. The tunnel is up and I can ping 10.10.0.0 hosts.
The problem is that while obviously I can ping 172.30.2.1 (local endpoint), I cannot ping 172.30.2.2 which is used for tunnel monitoring. So I am not able to monitor the tunnel.
I have allowed everything in the Firewall rule (IPSec section), and added a static route to 10.10.0.0 using the automatically generated gateway.
Does anybody have any idea why?
-
@contimaglio
Maybe check/set the MTU size of the tunnel. Best values are around 1300-1350. Try to allow MSS clamping.
-
Thanks for the suggestion but unfortunately no PING.
Since I am able to ping 172.30.2.1 (but not 172.30.2.2), could it be something related to firewall or routing?