Ping not working in Routed (VTI) interface

contimaglio · Jan 31, 2022, 4:11 PM

I have successfully configured a IPSec tunnels between 192.168.150.0 (local network) and 10.10.0.0 (remote network).
I use VTI Phase2:

local endpoint is 172.30.2.1/30
remote endpoint is 172.30.2.2/30

The same configuration is applied (mirrored) on the remote FW. The tunnel is up and I can ping 10.10.0.0 hosts.

The problem is that while obviously I can ping 172.30.2.1 (local endpoint), I cannot ping 172.30.2.2 which is used for tunnel monitoring. So I am not able to monitor the tunnel.

I have allowed everything in the Firewall rule (IPSec section), and added a static route to 10.10.0.0 using the automatically generated gateway
Does anybody have any idea why?

pete35 · Jan 31, 2022, 4:41 PM

@contimaglio
maybe check/set the mtu size of the tunnel. best values are around 1300-1350. try to allow mss clamping.

contimaglio · Feb 1, 2022, 10:11 AM

Thanks for the suggestion but unfortunately no PING.
Since I am able to ping 172.30.2.1 (but not 172.30.2.2), could it be something related to firewall or routing?