Only the active firewall is encrypting and decrypting IPSEC traffic. And that’s true…but the issue here is that the IPSEC tunnel is being terminated on an active/standby firewall HA pair. There’s no other way the packet could have gotten there except through the IPSEC tunnel. Upon reviewing in SmartView Tracker, I could see the incoming ICMP echo request being dropped by the standby firewall with the complaint, “Clear-text packet should be encrypted.” In my mind, I’m thinking that the ICMP echo request WAS encrypted. I have been troubleshooting an issue where my network monitoring station has been unable to ping the standby firewall interface via a VPN tunnel terminated on the remote firewall HA pair. One of those facepalm moments this morning.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |