Remote VPN Client cannot ping the LAN resources

Unanswered Question
Oct 30th, 2007


I got a Cisco VPN Client Initiating a VPN connection behind an ASA Firewall(8.0.2) to a PIX (7.0) across the internet , the VPN is establish with IP but cannot ping the resources behind the PIX.

With the VPN client behind any internet cafe/starbucks, its able to establish and ping the resources behind the PIX.

Any suggestiongs?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Patrick.Beaven Wed, 10/31/2007 - 11:27

If youre ASA has the IPS module installed it could be the global inspection policy.

You could troubleshoot it bye either removing the global inspection policy or adding.

Policy-map global_policy

class inspection_default

inpect ipsec-pass-thru


This information was given to me in this forum and it fixed the issue.

r-docuyanan Wed, 10/31/2007 - 22:58

Hi After checking the logs here is what i found

After checking on the log i found like following error

3 Nov 01 2007 12:07:24 305006 22X.255.66.X regular translation creation failed for protocol 50 src inside: dst outside:

htaluja_2 Sun, 11/04/2007 - 00:16

Looks like the return traffic is NATTed on the way back. Make sure you have a nat 0 access list with source ip as your lan addresses and destination ips as your vpn client ip pool. Hope this helps.


This Discussion