Support Center > Search Results > SecureKnowledge Details
IKE packets dropped with "vpn_inbound_policy_chain Reason: vpn inbound nat after vm failed;" Technical Level
  • IKE packets are dropped with error message:
    "dropped by vpn_inbound_policy_chain Reason: vpn inbound nat after vm failed;"
  • Kernel debugs (fw ctl debug -m fw + conn drop && fw ctl debug -m VPN all) shows:
    [cpu_x];[fw4_0];IKE_Utils_FillIKEInfo: setting entry in dynamic_ipsec_source_address table;
    [cpu_x];[fw_0];IKE_Utils_FillIKEInfo: failed to set dynamic_ipsec_source_address table;
    [cpu_x];[fw_0];IKE_Handling_Inbound_ex: Failed to retrieve info from chain;
    [cpu_x];[fw_0];IKE_Handling_Inbound_ex: XXX=============
    [cpu_x];[fw_0];vpn_nat_inbound_after_vm_ex: Error - (InBound) IKE/RDP address manipulation failed;
    [cpu_x];[fw_0];vpn_inbound_policy_chain: failed in vpn nat after vm inbound;

There is a leak in the "dynamic_ipsec_source_address" kernel table. 

Note: To view this solution you need to Sign In .