Ping Test drops with code 727 from VPN to internal X interface
I found this other article, but it doesn't quite match the configuration conditions of our setup. I did try the idea in it anyway but it still didn't work.
I cannot get a ping reply from the Sonic Wall router at one site over a Site to Site VPN. But I can get a ping reply from any other device on that network with the Sonic Wall router over the VPN. It is driving me nuts!!
So our scenario:
X0 left as default LAN zone
X2 as 192.168.6.1 under a Zone called Staff, with X3, 4, 5 as portshield to X2
W0 Layer2 Bridge to X2, with a W0:36 lan tag and subnet 192.168.36.x for Guests on Wifi while staff connect on the primary W0 getting a 192.168.6x ip due to the Bridge. I followed the steps at this article to do that, tested staff and guest access / limitations and it worked beautifully.
A Site to Site VPN tunnel is up and running to multiple other offices.
On site, I can ping the router at its address of 6.1, and any device in the site as well, such as a network switch at 6.241.
From a VPN site, I can also ping 6.241 , but a ping to 6.1 will not work. When I used Packet Monitor to capture conditions, I found this Dropped status about the attempt tp ping 6.1 from another site.
I have no rules I can find that should be causing this drop! I also turned off all extras to test, (AV Gateway, Intrusion, Content Filtering, Botnet, etc.) to make sure it wasn't one of those features.
I then tried each one of these manual Policy adds and none of them made any difference.
What is the solution to this insanity ?
Allow Ping from VPN to X2
Allow Ping from VPN to Staff
Allow Ping from WAN to X2
Allow Ping from WAN to Staff
Ether Type: IP(0x800), Src=[68:b6:fc:c5:72:22], Dst=[2c:b8:ed:a8:ae:f1]
IP Packet Header
IP Type: ICMP(0x1), Src=[192.168.1.208], Dst=[192.168.6.1]
ICMP Packet Header
ICMP Type = 8(ECHO_REQUEST), ICMP Code = 0, ICMP Checksum = 19113
DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2722_qpmjdzDifdl) 1:1)