Hi George,
I would do this. (First making sure the CPU isn't too busy -- say, > 50% "get perf cpu all detail")
unset ff (repeat until 'invalid id')
set ff src-ip y.y.y.y dst-ip x.x.x.66 (where y.y.y.y is the IP you're pinging from)
set ff src-ip x.x.x.66 dst-ip y.y.y.y
debug flow basic
snoop filter delete
snoop filter ip src-ip y.y.y.y dst-ip x.x.x.66
snoop filter ip src-ip x.x.x.66 dst-ip y.y.y.y
snoop (y for yes)
clear db
*** start to ping x.x.x.66 ***
undebug all
get db stream
I would look to see if ICMP requests/replies are both received/sent by the firewall. And if so, double-check the MAC addresses of the packets. This set of debugs will also tell us if the firewall is dropping the packet.
Regards,
Sam