Will router's icmp blocking affect pix-pix vpn connection?

[zacca]

Hi there,

If my pix firewall is located behind isp router, & isp router block icmp so that outsider can't ping/traceroute my public ip addresses, would that affect my pix firewall to establish vpn tunnel to another pix firewall without any icmp block from router?

Many thanks!

 

[themut]

Nope... the tunnel should be established as long as you send interesting traffic. However, you will not be able to establish the tunnel by simply pinging the remote IP addresses.

 

[zacca]

Hi Themut,

Thanks for your info, if pinging the remote ip addresses cannot establish the tunnel, how do I generate the interesting traffic? What are classified as interesting traffic?

Thanks again!!

 

[dopehead]

Sure you can establish the tunnel by pinging something behind the other locations router, the ping packet is encrypted and the isp router won't see that as a ping but as a ESP packet which isn't blocked.

Interesting traffic is defined by the access-list that you apply to your crypto map.

Jan

Network Systems Engineer
CCNA/CQS/CCSP