At 23:38 26/03/01 -0800, Tony Rall wrote:
> >output DENY ipsec0 PROTO=1 172.35.55.8:8 192.168.0.1:0 L=84 S=0x00 I=6966 F=0x0000 T=64 (#28)
> >
> >I found that port 8 is just an unassigned port and port 0 is a reserved
> >port.
> >Has anyone out there seen this error before?
>
>I don't know what firewall produced that log record (it would be better if
>folks identified the systems involved), but it is surely referring to
>protocol 1 (ICMP), type 8 (echo). (ICMP does not use ports.)

He probably needs to configure his filtering rules to allow outbound icmp echo and inbound icmp echoreply...

ipsec0 is either a network interface or a symbolic network interface used for IPSec packets.

>As to why your firewall is blocking ICMP echo, I don't know. My IPSEC
>tunnels do not do that.

Yes, it's good practice to tell us what FW, what VPN, what software, what "anything" that might help...

regards,
mouss
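Added example, not part of the original messages: a small Python parser for the log line quoted in this thread, showing that with PROTO=1 the numbers after the addresses are an ICMP type and code rather than ports. It assumes the field layout visible in that line and that the second number is the ICMP code; the function names, the short ICMP type table and the TCP sample line are constructed for the example.

```python
import re

# Layout assumed from the quoted line: chain action iface PROTO=n src:x dst:y ...
LINE_RE = re.compile(
    r"(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<a>\d+)\s+(?P<dst>\d+(?:\.\d+){3}):(?P<b>\d+)"
)
# A few well-known ICMP types; not exhaustive.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
PORT_PROTOS = {6: "tcp", 17: "udp"}

def parse_log_line(line):
    """Return a dict describing the logged packet, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto, a, b = int(m["proto"]), int(m["a"]), int(m["b"])
    rec = {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
           "src": m["src"], "dst": m["dst"], "proto": proto}
    if proto == 1:
        # ICMP has no ports: first number is the type, second (assumed) the code.
        rec.update(proto_name="icmp", icmp_type=a, icmp_code=b,
                   icmp_name=ICMP_TYPES.get(a, "type-%d" % a))
    elif proto in PORT_PROTOS:
        rec.update(proto_name=PORT_PROTOS[proto], sport=a, dport=b)
    else:
        # Unknown protocol: keep the raw numbers without interpreting them.
        rec.update(proto_name="proto-%d" % proto, raw=(a, b))
    return rec

def describe(rec):
    """One-line summary that names ICMP type/code instead of ports."""
    head = "%s %s on %s: " % (rec["action"], rec["chain"], rec["iface"])
    if rec["proto_name"] == "icmp":
        return head + "icmp %s (type %d, code %d) %s -> %s" % (
            rec["icmp_name"], rec["icmp_type"], rec["icmp_code"], rec["src"], rec["dst"])
    if "sport" in rec:
        return head + "%s %s:%d -> %s:%d" % (
            rec["proto_name"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
    return head + "%s %s -> %s" % (rec["proto_name"], rec["src"], rec["dst"])

# The line quoted in the thread, and a constructed TCP line for contrast.
QUOTED = ("output DENY ipsec0 PROTO=1 172.35.55.8:8 192.168.0.1:0 "
          "L=84 S=0x00 I=6966 F=0x0000 T=64 (#28)")
CONSTRUCTED_TCP = "input DENY eth0 PROTO=6 10.0.0.5:40000 10.0.0.1:23 L=60 (#3)"

if __name__ == "__main__":
    for sample in (QUOTED, CONSTRUCTED_TCP):
        print(describe(parse_log_line(sample)))
```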
