Remote VPN Client cannot ping the LAN resources

Unanswered Question
Oct 30th, 2007

Hi


I got a Cisco VPN Client Initiating a VPN connection behind an ASA Firewall(8.0.2) to a PIX (7.0) across the internet , the VPN is establish with IP but cannot ping the resources behind the PIX.


With the VPN client behind any internet cafe/starbucks, its able to establish and ping the resources behind the PIX.


Any suggestiongs?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Patrick.Beaven Wed, 10/31/2007 - 11:27

If youre ASA has the IPS module installed it could be the global inspection policy.

You could troubleshoot it bye either removing the global inspection policy or adding.


Policy-map global_policy

class inspection_default

inpect ipsec-pass-thru

exit


This information was given to me in this forum and it fixed the issue.



r-docuyanan Wed, 10/31/2007 - 22:58

Hi After checking the logs here is what i found


After checking on the log i found like following error


3 Nov 01 2007 12:07:24 305006 22X.255.66.X regular translation creation failed for protocol 50 src inside:10.10.10.160 dst outside:222.255.66.230



htaluja_2 Sun, 11/04/2007 - 00:16

Looks like the return traffic is NATTed on the way back. Make sure you have a nat 0 access list with source ip as your lan addresses and destination ips as your vpn client ip pool. Hope this helps.

Actions

This Discussion