12-11-2008 12:08 PM - edited 03-11-2019 07:25 AM
Users on vpn can not reach 1 particular host.
ICMP is allowed since they are able to ping other devices on our network when vpn'd in.
I am using ASDM to run the ping test.
The first result is with the outside interface as source; the second is inside.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.165, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.165, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 m
access-list a_splitTunnelAcl standard permit 172.20.0.0 255.255.0.0
access-list A_splitTunnelAcl standard permit 172.30.0.0 255.255.0.0
access-list A_splitTunnelAcl standard permit 192.168.0.0 255.255.0.0
access-list a_splitTunnelAcl standard permit 206.213.201.96 255.255.255.248
access-list A_splitTunnelAcl standard permit 206.213.207.96 255.255.255.248
access-list A_splitTunnelAcl standard permit host 64.14.47.15x
access-list A_splitTunnelAcl standard permit host 64.14.47.15x
access-list A_splitTunnelAcl standard permit host 64.14.47.16x
route outside 0.0.0.0 0.0.0.0 64.14.47.190 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 64.14.4255.255.255.255 172.30.0.1 1
route inside 64.14.47 255.255.255.255 172.30.0.1 1
route inside 64.14.47 255.255.255.255 172.30.0.1 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 64.14.47 255.255.255.255 172.30.0.1 1
route inside 64.14.47 255.255.255.255 172.30.0.1 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 64.14.47 255.255.255.255 172.30.0.1 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 64.14.4 255.255.255.255 172.30.0.1 1
route inside 172.20.0.0 255.255.0.0 172.30.0.1 1
route inside 192.168.0.0 255.255.0.0 172.30.0.1 1
route inside 206.213.20255.255.255.248 172.30.0.1 1
route inside 206.213.2 255.255.255.248 172.30.0.1 1
172.30.0.1 is the interface on our network
172.30.0.2 is the inside interface of the firewall
12-11-2008 12:27 PM
Can vpn users ping anything on 192.168.0.0? If not, 192.168.0.0 most likely needs a route to the vpn client subnet.
12-11-2008 01:18 PM
yes they can hit 192.168.9.6 for example
12-11-2008 02:16 PM
Hi,
Does this device have two NICs by any chance? Also, check the routing table of the host "192.168.0.165" and make sure this host has routing properly configured to route packets destined to the VPN pool of IP addresses back to the client.
Also, what is this host? Is it a server or a VIP on a load balancer? Make sure that there are no filters that will block ICMP Traffic from the VPN Pool of IP Addresses.
Regards,
Arul
*Pls rate if it helps*
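The return-route check suggested in the reply above, as an added example that is not part of the original thread: it runs a longest-prefix match over a dual-homed host's routing table and reports VPN pool addresses whose replies would leave through the wrong NIC. The VPN pool, gateways, interface names and routing table are all constructed assumptions, since the thread gives none of them.

```python
import ipaddress

# Constructed sample data: the thread gives neither the VPN pool nor the
# host's routing table, so every value below is an assumption.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")   # hypothetical VPN client pool
EXPECTED_GW = "192.168.0.1"                       # hypothetical hop back toward the firewall

# (destination, gateway, interface) for a dual-homed host: the default route
# sits on the second NIC and nothing more specific covers the VPN pool.
HOST_ROUTES = [
    ("0.0.0.0/0",      "10.50.0.1",   "nic2"),
    ("10.50.0.0/24",   "on-link",     "nic2"),
    ("192.168.0.0/16", "on-link",     "nic1"),
    ("172.30.0.0/16",  "192.168.0.1", "nic1"),
]

def best_route(routes, dest):
    """Longest-prefix match, the rule a host uses to pick a route."""
    dest = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), gw, ifc)
               for net, gw, ifc in routes
               if dest in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def misrouted(routes, pool, expected_gw):
    """Return {(gateway, interface): address count} for every pool address
    whose reply would not leave through expected_gw."""
    bad = {}
    for addr in pool:
        route = best_route(routes, addr)
        hop = (route[1], route[2]) if route else (None, None)
        if hop[0] != expected_gw:
            bad[hop] = bad.get(hop, 0) + 1
    return bad

if __name__ == "__main__":
    print("before:", misrouted(HOST_ROUTES, VPN_POOL, EXPECTED_GW))
    # Adding a specific route for the pool on the inside-facing NIC fixes the return path.
    fixed = HOST_ROUTES + [(str(VPN_POOL), EXPECTED_GW, "nic1")]
    print("after: ", misrouted(fixed, VPN_POOL, EXPECTED_GW))
```

A non-empty result means ping replies to VPN clients follow the default route out of the other NIC, which matches the symptom of one host being unreachable while its neighbours answer.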