Are the "cisco vpn box 2", the Endian and the other machines on the same green LAN? Is your "cisco vpn box 2" connected directly to a network card on the Endian, or to a switch?

2013/8/2 Marco Gabriel - inett GmbH <>



I have a strange problem that may be related to the endian way of policy based routing.


ICMP packets seem not to be routed properly.


Client -> cisco vpn box 1 -> public network -> cisco vpn box 2 -> endian -> server


RDP and other TCP/UDP based services from the client work. ICMP packets are sent to the server and the server answers, but the packets seem not to be forwarded by the endian to the cisco vpn box 2. The cisco vpn box 2 and the endian are both in the same green LAN, and the endian has a static route configured to the static gateway “cisco vpn box 2”. As mentioned, this works for all tested services except ICMP.


If I set a route manually to the vpn box on the shell by using “route add”, it works. If I set a route directly on the client to the cisco box, it works too.


So this seems to be a problem with the iptables way of routing packets.


Any hints how to fix this?


Best regards,



inett GmbH
Eschberger Weg 1
66121 Saarbrücken
Managing Director: Marco Gabriel
Commercial Register Saarbrücken
HRB 16588

Phone: 0681 / 37 20 10 20
Fax: 0681 / 37 20 10 29
Mobile: 0172 / 94 66 763



Efw-user mailing list

Jonathan Lessa