pix unable to ping server IP address over the tunnel

Unanswered Question
Sep 13th, 2007

My client has a pix506e and the IP address of it is The pix has established a tunnel connected to the remote site.

I see that the tunnel is up and running:

MCNEILPIX506# show crypto isa sa

Total : 2

Embryonic : 0

dst src state pending created

24.x.x.202 QM_IDLE 0 0

24.x.x.202 QM_IDLE 0 1


My problem is that I cannot ping the remote pix from this Pix. Nor can I ping any ip address that are


From the show run is there Nat's that I should be creating or access list to allow this pix to be able to connect to that network?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lapascua06 Sun, 09/16/2007 - 23:48


On the remote pix and local pix, enter this command:

pixfirewall(config)# management-access inside

*this command enable us to ping the inside interface of the remote and source our ping on the inside interface of the local pix:


On the local pix, do an extended ping:

(assuming the inside interface of the remote pix is

pixfirewall# ping inside

If this doesn't work, double check your VPN configuration..make sure that phase 2 policies as well as crypto ACl are mirrored on both sides.

Hope this helps...




This Discussion