Unidirectional Ping problem

Publication Date:  2012-12-18 Views:  780 Downloads:  0
Issue Description

From the PC side Ping is the LNS gateway, in LAC to PC gateway do source address Ping is LNS, LNS can ping PC gateway address.
Alarm Information
Handling Process
Through the examination of related equipment configuration, found no one-way Ping strategy application, once come to a deadlock problem.Further examination of LNS equipment, check the session table found received to end the request message, but no response message count. The following session table in the send message count is 0.
 icmp  VPN:public --> public                                                
  Zone: untrust--> local  TTL: 00:00:20  Left: 00:00:20                      
  Interface: InLoopBack0  NextHop:  MAC: 00-00-00-00-00-00         
  <--packets:0 bytes:0   -->packets:5 bytes:420                       >     
A further route discovery of anomalies.The routing table is found in is a local address. At the LNS end of Ping but not distal to the local
[LNS]disp ip rout               
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface   Direct 0    0           D     Vlanif1    Direct 0    0           D       InLoopBack0   

Further examination of LNS end of the is a useless address, the address is deleted, LAC and LNS side can mutually normal Ping.
Root Cause
General one-way Ping issues in most cases belong to the firewall policy control problem, which allows only a direction for initiating Ping request, rejected another Ping request, formation of unidirectional Ping, one-way Ping only based on state processing equipment, general equipment can not be achieved by packet forwarding one-way ping.