allowing icmp through vpn

Oct 4th, 2007

Hi all, I have just been told I need to edit something called the sysopt command for this to work. Can anyone tell me what sysopt is and what it is used for?

amritpatek Wed, 10/10/2007 - 12:22

The command you are looking for is "sysopt connection permit-ipsec". What's unusual about this command is that it does not automatically allow ICMP packets to come through across an IPsec tunnel. We must specifically permit that. Here's how to do it. The addresses mentioned below are just an example:

LAN behind the PIX: 192.168.1.0 255.255.255.0

LAN behind the remote site: 172.16.99.0 255.255.255.0

access-list outside permit icmp 172.16.99.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group outside in interface outside

If you wanted to permit ICMP from any outside address, you could write that list like this:

access-list outside permit icmp any any
