Mobile vpn ikev2 Unhandled-External-Packet

Hi

M370 running 12.6.2

I have a Mobile ikev2 tunnel configured. On the Windows 10 client i have configured the tunnel as split tunnel and added routes.

Name : Sentia
ServerAddress : x.x.x.x
AllUserConnection : False
Guid : {C3AEBF45-1672-4688-8A4C-EFCD284BF29A}
TunnelType : Ikev2
AuthenticationMethod : {Eap}
EncryptionLevel : Custom
L2tpIPsecAuth :
UseWinlogonCredential : False
EapConfigXmlStream : #document
ConnectionStatus : Disconnected
RememberCredential : False
SplitTunneling : True
DnsSuffix : kaufmann.local
IdleDisconnectSeconds : 0

Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.17.14.1 172.17.14.15 50
0.0.0.0 0.0.0.0 10.37.46.1 10.37.46.54 311
10.37.46.0 255.255.255.0 On-link 10.37.46.54 311
10.37.46.54 255.255.255.255 On-link 10.37.46.54 311
10.37.46.255 255.255.255.255 On-link 10.37.46.54 311
10.100.1.0 255.255.255.0 On-link 192.168.116.1 36
10.100.1.255 255.255.255.255 On-link 192.168.116.1 291
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.16.1.0 255.255.255.0 On-link 192.168.116.1 36
172.16.1.255 255.255.255.255 On-link 192.168.116.1 291
172.16.255.0 255.255.255.0 On-link 192.168.116.1 36
172.16.255.255 255.255.255.255 On-link 192.168.116.1 291
172.17.0.0 255.255.0.0 On-link 192.168.116.1 36
172.17.14.0 255.255.255.0 On-link 172.17.14.15 306
172.17.14.15 255.255.255.255 On-link 172.17.14.15 306
172.17.14.255 255.255.255.255 On-link 172.17.14.15 306
172.17.255.255 255.255.255.255 On-link 192.168.116.1 291
172.20.50.0 255.255.255.0 On-link 192.168.116.1 36
172.20.50.255 255.255.255.255 On-link 192.168.116.1 291
192.168.116.0 255.255.255.0 On-link 192.168.116.1 36
192.168.116.1 255.255.255.255 On-link 192.168.116.1 291
192.168.116.255 255.255.255.255 On-link 192.168.116.1 291
192.168.250.0 255.255.255.0 On-link 192.168.116.1 36
192.168.250.255 255.255.255.255 On-link 192.168.116.1 291
192.168.252.0 255.255.255.0 On-link 192.168.116.1 36
192.168.252.255 255.255.255.255 On-link 192.168.116.1 291

FWDeny, Denied, pri=4, disp=Deny, policy=Unhandled-External-Packet-00, protocol=icmp, src_ip=192.168.116.1, dst_ip=192.168.250.5, src_intf=TDC-EXT, dst_intf=Firebox, rc=101, pckt_len=92, ttl=2, [email protected], 3000-0148

I only have access to the "primary" ip subnet behind the firefox. When accessing all other subnets I get Unhandled-External-Packet.

Any idea why?

Regards
Robert

Comments

Sign In to comment.