03-12-2009 10:53 AM - edited 02-21-2020 03:21 AM
I'm having a problem where I can only ping certain IP addresses across the VPN tunnel. I can ping most of them but not all, the CCP has added a whole bunch of duplicate configuration and I suspect that may be part of the cause. Attached is the router1 and router2 configs. Do these configs look okay?
03-18-2009 09:39 AM
If the PIX/ASA is in router mode, some types of traffic cannot pass through the security appliance even if you allow it in an access list. This link as an example LAN-to-LAN configuration:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/site2sit.html#wp1042205
03-21-2009 07:15 AM
Ryan
I have looked at the router configs that you posted. The VPN part of them looks ok. I agree that the repeated parts of the config are strange, but do not think that they produce the problem. I did not look very hard at the zone based firewall stuff but in a quick look I do not see anything that would produce the symptom that you describe.
Are you attempting to ping from the router or to ping from a device on the LAN? (note that only traffic from the LAN will be processed by IPSec) Can you tell us a bit more about the problem? How many devices are you not able to ping? If you attempt to ping from another device do you get the same results? Is it possible that some of the remote devices have firewalls activated and that is why you can not ping them?
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: