Hi,
Since I added an additional third tunnel, when the policy ANY -> ANY is set to DENY I can't ping from site B to my office any more.
Here is debug output:
Remote IP address: 194.128.232.71
My local IP address: 192.120.120.14
I ping from IP 194.128.232.71 to 192.120.120.14.
===============================================================================
tunnel.3:194.128.232.71/5329->192.120.120.14/1,1(8/0)<Root>
no session found
flow_first_sanity_check: in <tunnel.3>, out <N/A>
chose interface tunnel.3 as incoming nat if.
flow_first_routing: in <tunnel.3>, out <N/A>
search route to (tunnel.3, 194.128.232.71/5329->192.120.120.14) in vr trust-vr for vsd-0/flag-0/ifp-null
[ Dest] 5.route 192.120.120.14->192.100.100.14, to bgroup0
routed (x_dst_ip 192.120.120.14) from tunnel.3 (tunnel.3 in 0) to bgroup0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 2
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 192.120.120.14, port 14474, proto 1)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 11/6/0x8
log this session (pid=11)
policy id (11)
packet dropped, denied by policy
Policy id deny policy, ipv6 0, flow_potential_violation 0
**** pak processing end.
****** packet decapsulated, type=ipsec, len=60******
ipid = 21477(53e5), @03831f30
tunnel.3:194.128.232.71/5335->192.120.120.14/1,1(8/0)<Root>
no session found
flow_first_sanity_check: in <tunnel.3>, out <N/A>
chose interface tunnel.3 as incoming nat if.
flow_first_routing: in <tunnel.3>, out <N/A>
search route to (tunnel.3, 194.128.232.71->192.120.120.14) in vr trust-vr for vsd-0/flag-0/ifp-null
[ Dest] 5.route 192.120.120.14->192.120.120.14, to bgroup0
routed (x_dst_ip 192.120.120.14) from tunnel.3 (tunnel.3 in 0) to bgroup0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 2
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 192.120.120.14, port 14468, proto 1)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 11/6/0x8
log this session (pid=11)
policy id (11)
packet dropped, denied by policy
Policy id deny policy, ipv6 0, flow_potential_violation 0
**** pak processing end.
flow_ip_send: 4be2:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
flow_ip_send: 4be3:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
flow_ip_send: 4be4:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
flow_ip_send: 4be5:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
flow_ip_send: 4be6:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
flow_ip_send: 4be8:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
flow_ip_send: 4be7:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
flow_ip_send: 4be9:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
pak has mac
Send to bgroup0 (1314)
****** packet decapsulated, type=ipsec, len=60******
ipid = 21479(53e7), @038dbf30
tunnel.3:194.128.232.71/5336->192.120.120.14/1,1(8/0)<Root>
no session found
flow_first_sanity_check: in <tunnel.3>, out <N/A>
chose interface tunnel.3 as incoming nat if.
flow_first_routing: in <tunnel.3>, out <N/A>
search route to (tunnel.3, 194.128.232.71->192.120.120.14) in vr trust-vr for vsd-0/flag-0/ifp-null
[ Dest] 5.route 192.120.120.14->192.120.120.14, to bgroup0
routed (x_dst_ip 192.120.120.14) from tunnel.3 (tunnel.3 in 0) to bgroup0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 2
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 192.120.120.14, port 14467, proto 1)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 11/6/0x8
log this session (pid=11)
policy id (11)
packet dropped, denied by policy
Policy id deny policy, ipv6 0, flow_potential_violation 0
**** pak processing end.
================================================================================
Thanks in advance,
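
A small parser for flow debug output like the dump above, summarising which policy ID denied which packets. It is an added example, not part of the original post; the function names are hypothetical and the regexes cover only the line formats that appear in that output.

```python
import re
from collections import Counter

# Abridged excerpt of the debug output posted above (two packets, trimmed).
SAMPLE = """\
tunnel.3:194.128.232.71/5329->192.120.120.14/1,1(8/0)<Root>
no session found
policy search from zone 1-> zone 2
swrs_search_ip: policy matched id/idx/action = 11/6/0x8
packet dropped, denied by policy
**** pak processing end.
tunnel.3:194.128.232.71/5335->192.120.120.14/1,1(8/0)<Root>
policy search from zone 1-> zone 2
swrs_search_ip: policy matched id/idx/action = 11/6/0x8
packet dropped, denied by policy
**** pak processing end.
flow_ip_send: 4be2:97.74.183.128->192.120.120.103,6 => bgroup0(1300) flag 0x20000, vlan 0
"""

# Packet header line: <ingress if>:<src>/<n>-><dst>/<n>,<proto>(...)
HEADER = re.compile(r"^(?P<ifc>[\w./-]+):(?P<src>\d+(?:\.\d+){3})/\d+"
                    r"->(?P<dst>\d+(?:\.\d+){3})/\d+,(?P<proto>\d+)")
ZONES = re.compile(r"^policy search from zone (\d+)\s*->\s*zone (\d+)")
MATCH = re.compile(r"policy matched id/idx/action = (\d+)/(\d+)/(0x[0-9a-fA-F]+)")

def parse_flow_debug(text):
    """Return one dict per packet trace; lines outside a trace are ignored."""
    packets, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # a header line starts a new packet trace
            cur = dict(m.groupdict(), zones=None, policy_id=None, denied=False)
            packets.append(cur)
        elif cur is None:
            continue  # e.g. flow_ip_send lines between traces
        elif (m := ZONES.match(line)):
            cur["zones"] = (int(m[1]), int(m[2]))
        elif (m := MATCH.search(line)):
            cur["policy_id"] = int(m[1])
        elif "denied by policy" in line:
            cur["denied"] = True
        elif "pak processing end" in line:
            cur = None  # trace finished
    return packets

def denies_by_policy(packets):
    """Count denied packets per (ingress interface, zone pair, policy id)."""
    return Counter((p["ifc"], p["zones"], p["policy_id"]) for p in packets if p["denied"])
```

Run over the excerpt, `denies_by_policy` reports both packets denied by policy ID 11 on the zone 1 -> zone 2 lookup for traffic arriving on tunnel.3, which is the rule to inspect in the policy list.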