pinging device while vpn'd in

Unanswered Question
Jun 11th, 2009
User Badges:
  • Purple, 4500 points or more

All,


I've noticed that I can't ping a public device (on my block) from the vpn. The vpn is NOT my firewall, but another ASA (5520). The inside interface on the ASA is on my private side. From a host on the lan and not on vpn, I can ping this device. The path the packet would take is from:


host -> core switch -> asa5550 -> packetshaper -> fatpipe -> device to ping


The above works. The path vpn would take is:


asa5520_vpn -> core switch -> asa5550 -> packetshaper -> fatpipe -> device


The above doesn't work. From the vpn, I can ping all the way to the ASA5550 and it works fine, but nothing past it.


Any ideas?


Thanks!

John

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
robertson.michael Wed, 06/17/2009 - 07:34
User Badges:
  • Silver, 250 points or more

John,


In my experience, issues like this usually tie back to a routing problem. I've had similar issues where the echo request reaches the target but it is the reply that cannot find its way back to the VPN client.


I would suggest first getting packet captures throughout the topology and find what is being dropped (request or reply) and where it is being dropped. Once you know this, you can look for log or debug messages that explain why the packet is dropped and troubleshoot from there.


-Mike

Actions

This Discussion