[Sidewinder] Ping Proxy

[Sidewinder moderated discussion list]

At first I figured you might check to make sure you haven't disabled passing thru ICMP on the affected interface, or that some other higher-priority deny rule isn't taking hold.  But you seem to have covered all of those bases already.

Sounds to me like something isn't compliant with the ICMP standard, either the router being too fussy or the Sidewinder proxy is getting something wrong (like perhaps returning it with the wrong IP or MAC address).

JRJ


> I am workingon a major install of a bunch of sidewinders.  All are running
> the same version and I use the ping proxy to allow ping through as needed.
> I just ran into a location last night where the ping proxy was not working.
> To test I got on routers on either side of the firewall and watched as the
> ho replies went all the way through and the echo replies came all the way
> back, proxies of course, but that shouldn't matter.  I even got onto the
> "client" router and verified that the echo reply is returning to that
> router's initiating interface, however the router shows a failed ping.
> Putting in a rule using the ICMP Packet Filter also failed but putting in an
> "Other Protocol Packet Filter" using icmp worked just fine. What is odd is
> that I have not had any probs at the other roughly 20 locations I've done
> this at.  The rule is near the top.about pos 5 right after a few "to the
> firewall" rules.  The version is 7.0.0.06.  Today I'm going catching the
> packets using the  working other protocol icmp filter and then using the
> ping proxy and compare them.  It is almost as if the echo-reply is changed
> to the point that the originator of that ping does not see it as belonging
> to that echo request.