Unable to ping from site A to site B

Oct 8th, 2008


I have created a VPN tunnel between site A and site B, but I am unable to ping the inside interfaces for both sites.

Could you please suggest what to do? When I look up the PDM page on both sites' PIX 501, it is showing:



Ike Tunnels 1 Ipsec Tunnels 1


Please see attached config.


ciscomoon Thu, 10/09/2008 - 03:31

I cannot ping from siteA to siteB.

I have tried; it still doesn't work.

Any reason?

mike_guy29 Thu, 10/09/2008 - 04:21


From a quick flick through, there are several things wrong. Firstly, the access lists configured on A appear to be wrong (11.1177.190 is not a valid IP address); secondly, the outbound access list is not applied to an interface.

Secondly, the outbound access list (applied on the inside interface) will need to contain the IP address of the remote internal network, e.g. access-list outbound permit ip

Same with the access list on B. It is not applied to an interface and needs reconfiguring.

I have not checked the crypto map config etc., as, given that you got the tunnels up, it seems to be working.


ciscomoon Fri, 10/10/2008 - 01:52

Thanks for the reply. I have tried; still the same problem. One thing I forgot to tell: I can ping from the command prompt to remote PCs, but I am unable to ping and remotely.

When I try to ping from the PDM - Tools - PING, I am unable to ping any remote PCs. Do you think it is to do with the PDM version? I am currently using PDM 3.0.


mike_guy29 Fri, 10/10/2008 - 02:50


Would you be able to post the new current config? Could you also just clarify exactly what it is you are trying to ping from where? I am a bit lost!

I very much doubt it's to do with the version of PDM though, no.


ciscomoon Sat, 10/11/2008 - 05:15

Hi, thanks for the reply.

I am trying to ping from PDM GUI page. It has an option of PING in TOOLS tab. Please see attached image.

mike_guy29 Sat, 10/11/2008 - 08:57


So (correct me if I am wrong) the VPN tunnels ARE working. And you can ping from PCs on the subnets across the VPN to PCs on the other subnets. It is just pinging from the PIX to the other PIX through the GUI?

If this is the case it could be to do with the IP address the pings are coming from. You can select which address to source the pings from. Have you tried changing this? It could well be sending the pings out but using an IP address that will not be sent across the VPN tunnel.

I would clear the crypto SAs and then initialise some pings etc. Run the command "show crypto ipsec sa" and it will give you information on the number of packets encrypts and decrypts etc. If these counters are not increasing the traffic is not going over the VPN tunnels and it is likely to be a problem with something such as an access list.
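
The counter check described in the last reply, as an added example that is not part of the thread: it parses two snapshots of "show crypto ipsec sa" taken before and after a ping test and reports whether the encrypt/decrypt counters moved. The sample output is constructed, the names `parse_sa` and `diagnose` are hypothetical, and separating "nothing encrypted" from "encrypted but nothing decrypted" goes one step beyond what the reply states.

```python
import re

# Constructed sample in the PIX "show crypto ipsec sa" layout; addresses are
# documentation ranges, not values from the thread.
BEFORE = """\
interface: outside
    Crypto map tag: vpnmap, local addr. 203.0.113.1
   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   current_peer: 203.0.113.2:500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
"""
# Second snapshot, taken after the test pings: 5 packets were encrypted.
AFTER = BEFORE.replace("encaps: 0, #pkts encrypt: 0", "encaps: 5, #pkts encrypt: 5")

IDENT = re.compile(r"^\s*(local|remote)\s+ident.*:\s*\(([\d.]+/[\d.]+)/")
COUNT = re.compile(r"#pkts (encrypt|decrypt): (\d+)")

def parse_sa(text):
    """Return {(local_net, remote_net): {'encrypt': n, 'decrypt': n}}."""
    sas, ident, key = {}, {}, None
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            ident[m.group(1)] = m.group(2)
            if m.group(1) == "remote":  # remote ident closes the pair
                key = (ident.get("local"), ident["remote"])
                sas[key] = {"encrypt": 0, "decrypt": 0}
            continue
        if key:
            for name, value in COUNT.findall(line):
                sas[key][name] = int(value)
    return sas

def diagnose(before, after):
    """Compare snapshots taken after clearing the SAs and after pinging."""
    b, a, result = parse_sa(before), parse_sa(after), {}
    for key, counters in a.items():
        prev = b.get(key, {"encrypt": 0, "decrypt": 0})
        enc = counters["encrypt"] - prev["encrypt"]
        dec = counters["decrypt"] - prev["decrypt"]
        if enc <= 0:
            result[key] = "nothing encrypted: check access lists and ping source address"
        elif dec <= 0:
            result[key] = "sent but no replies decrypted: check the remote side"
        else:
            result[key] = "traffic is flowing in both directions"
    return result
```
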


