icmp stops a 20997 bytes Filter trace HQ to remote site EBMFGT-B # id=13 trace_id=1162 msg="vd-root received a packet(proto=1, 192.168.1.82:2->192.168.7.1:8) from internal1." id=13 trace_id=1162 msg="allocate a new session-05144dbc" id=13 trace_id=1162 msg="Match policy routing: to xxx.xxx.xxx.129 via ifindex-3" id=13 trace_id=1162 msg="find a route: gw-xxx.xxx.xxx.129 via wan2" id=13 trace_id=1162 msg="use addr/intf hash, len=11" id=13 trace_id=1162 msg="Allowed by Policy-40: encrypt" id=13 trace_id=1162 msg="enter IPsec tunnel-3G_Sites_0" id=13 trace_id=1162 msg="encrypting, and send to xxx.xxx.xxx.59 with source xxx.xxx.xxx.130" id=13 trace_id=1162 msg="send to xxx.xxx.xxx.129 via intf-wan2" id=13 trace_id=1163 msg="vd-root received a packet(proto=1, 192.168.1.82:2->192.168.7.1:8) from internal1." id=13 trace_id=1163 msg="Find an existing session, id-05144dbc, original direction" id=13 trace_id=1163 msg="enter IPsec tunnel-3G_Sites_0" id=13 trace_id=1163 msg="encrypting, and send to xxx.xxx.xxx.59 with source xxx.xxx.xxx.130" id=13 trace_id=1163 msg="send to xxx.xxx.xxx.129 via intf-wan2" id=13 trace_id=1164 msg="vd-root received a packet(proto=1, 192.168.1.82:2->192.168.7.1:8) from internal1." id=13 trace_id=1164 msg="Find an existing session, id-05144dbc, original direction" id=13 trace_id=1164 msg="enter IPsec tunnel-3G_Sites_0" id=13 trace_id=1164 msg="encrypting, and send to xxx.xxx.xxx.59 with source xxx.xxx.xxx.130" id=13 trace_id=1164 msg="send to xxx.xxx.xxx.129 via intf-wan2" id=13 trace_id=1165 msg="vd-root received a packet(proto=1, 192.168.1.82:2->192.168.7.1:8) from internal1." id=13 trace_id=1165 msg="Find an existing session, id-05144dbc, original direction" id=13 trace_id=1165 msg="enter IPsec tunnel-3G_Sites_0" id=13 trace_id=1165 msg="encrypting, and send to xxx.xxx.xxx.59 with source xxx.xxx.xxx.130" id=13 trace_id=1165 msg="send to xxx.xxx.xxx.129 via intf-wan2" sniffer from HQEBMFGT-B # diag sniffer packet internal1 'host 192.168.1.82 and host 192.168.7.1' interfaces=[internal1] filters=[host 192.168.1.82 and host 192.168.7.1] 5.296612 192.168.1.82 -> 192.168.7.1: icmp: echo request (frag 18577:1480@0+) 5.296739 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@1480+) 5.296863 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@2960+) 5.296989 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@4440+) 5.297113 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@5920+) 5.297237 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@7400+) 5.297364 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@8880+) 5.297486 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@10360+) 5.297612 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@11840+) 5.297738 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@13320+) 5.297863 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@14800+) 5.297987 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@16280+) 5.298120 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@17760+) 5.298238 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:1480@19240+) 5.298258 192.168.1.82 -> 192.168.7.1: ip-proto-1 (frag 18577:285@20720) id=13 trace_id=1166 msg="vd-root received a packet(proto=1, 192.168.1.82:2->192.168.7.1:8) from internal1." id=13 trace_id=1166 msg="allocate a new session-0514a116" id=13 trace_id=1166 msg="Match policy routing: to xxx.xxx.xxx.129 via ifindex-3" id=13 trace_id=1166 msg="find a route: gw-xxx.xxx.xxx.129 via wan2" id=13 trace_id=1166 msg="use addr/intf hash, len=11" id=13 trace_id=1166 msg="Allowed by Policy-40: encrypt" id=13 trace_id=1166 msg="enter IPsec tunnel-3G_Sites_0" id=13 trace_id=1166 msg="encrypting, and send to xxx.xxx.xxx.59 with source xxx.xxx.xxx.130" id=13 trace_id=1166 msg="send to xxx.xxx.xxx.129 via intf-wan2" Flow from remote to hq MobileConcrete # id=20085 trace_id=1023 msg="vd-root received a packet(proto=1, 192.168.1.83:1->192.168.7.1:8) from wan1." id=20085 trace_id=1023 msg="allocate a new session-0000c718" id=20085 trace_id=1024 msg="vd-root received a packet(proto=1, 192.168.7.1:1->192.168.1.83:0) from local." id=20085 trace_id=1024 msg="Find an existing session, id-0000c718, reply direction" id=20085 trace_id=1024 msg="enter IPsec tunnel-Phase1_3G" id=20085 trace_id=1024 msg="send to xxx.xxx.xxx.130 via intf-wan1" id=20085 trace_id=1025 msg="vd-root received a packet(proto=1, 192.168.1.83:1->192.168.7.1:8) from wan1." id=20085 trace_id=1025 msg="Find an existing session, id-0000c718, original direction" id=20085 trace_id=1026 msg="vd-root received a packet(proto=1, 192.168.7.1:1->192.168.1.83:0) from local." id=20085 trace_id=1026 msg="Find an existing session, id-0000c718, reply direction" id=20085 trace_id=1026 msg="enter IPsec tunnel-Phase1_3G" id=20085 trace_id=1026 msg="send to xxx.xxx.xxx.130 via intf-wan1" sniffer from remote to hq MobileConcrete # diag sniffer packet any 'host 192.168.7.1 and host 192.168.1.83' interfaces=[any] filters=[host 192.168.7.1 and host 192.168.1.83] id=20085 trace_id=1027 msg="vd-root received a packet(proto=1, 192.168.1.83:1->192.168.7.1:8) from wan1." id=20085 trace_id=1027 msg="allocate a new session-0000c726" id=20085 trace_id=1028 msg="vd-root received a packet(proto=1, 192.168.7.1:1->192.168.1.83:0) from local." id=20085 trace_id=1028 msg="Find an existing session, id-0000c726, reply direction" id=20085 trace_id=1028 msg="enter IPsec tunnel-Phase1_3G" id=20085 trace_id=1028 msg="send to xxx.xxx.xxx.130 via intf-wan1" 7.992818 192.168.1.83 -> 192.168.7.1: icmp: echo request 12.734981 192.168.1.83 -> 192.168.7.1: icmp: echo request id=20085 trace_id=1029 msg="vd-root received a packet(proto=1, 192.168.1.83:1->192.168.7.1:8) from wan1." id=20085 trace_id=1029 msg="Find an existing session, id-0000c726, original direction" id=20085 trace_id=1030 msg="vd-root received a packet(proto=1, 192.168.7.1:1->192.168.1.83:0) from local." id=20085 trace_id=1030 msg="Find an existing session, id-0000c726, reply direction" id=20085 trace_id=1030 msg="enter IPsec tunnel-Phase1_3G" id=20085 trace_id=1030 msg="send to xxx.xxx.xxx.130 via intf-wan1" sniffer on remote host failing icmp to printer 313.533640 192.168.1.82 -> 192.168.7.210: icmp: echo request 313.534268 192.168.1.82 -> 192.168.7.210: icmp: echo request (frag 25773:1480@0+) 313.534313 192.168.1.82 -> 192.168.7.210: icmp: echo request (frag 25773:1480@0+) 313.534363 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@1480+) 313.533985 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@1480+) 313.534016 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@2960+) 313.534042 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@2960+) 313.534072 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@4440+) 313.534099 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@4440+) 313.534130 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@5920+) 313.534158 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:1480@5920+) 313.534188 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:804@7400) 313.534214 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 25773:804@7400) 318.151919 192.168.1.82 -> 192.168.7.210: icmp: echo request 318.152515 192.168.1.82 -> 192.168.7.210: icmp: echo request (frag 26171:1480@0+) 318.152557 192.168.1.82 -> 192.168.7.210: icmp: echo request (frag 26171:1480@0+) 318.152602 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@1480+) 318.152631 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@1480+) 318.152660 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@2960+) 318.152687 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@2960+) 318.152716 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@4440+) 318.152741 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@4440+) 318.152772 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@5920+) 318.152800 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:1480@5920+) 318.152828 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:804@7400) 318.152855 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 26171:804@7400) sniffer on remote host working icmp to printer 367.287376 192.168.1.82 -> 192.168.7.210: icmp: echo request (frag 29240:1480@0+) 367.287419 192.168.1.82 -> 192.168.7.210: icmp: echo request (frag 29240:1480@0+) 367.287467 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@1480+) 367.287495 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@1480+) 367.287526 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@2960+) 367.287552 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@2960+) 367.287581 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@4440+) 367.287607 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@4440+) 367.287636 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@5920+) 367.287664 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:1480@5920+) 367.287692 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:800@7400) 367.287718 192.168.1.82 -> 192.168.7.210: ip-proto-1 (frag 29240:800@7400) 367.289680 192.168.7.210 -> 192.168.1.82: icmp: echo reply (frag 8544:1480@0+) 367.289680 192.168.7.210 -> 192.168.1.82: icmp: echo reply (frag 8544:1480@0+) 367.290052 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@1480+) 367.290052 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@1480+) 367.290391 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@2960+) 367.290391 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@2960+) 367.290724 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@4440+) 367.290724 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@4440+) 367.291284 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@5920+) 367.291284 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:1480@5920+) 367.291932 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:800@7400) 367.291932 192.168.7.210 -> 192.168.1.82: ip-proto-1 (frag 8544:800@7400)