pinging device while vpn'd in

Jun 11th, 2009

All,

I've noticed that I can't ping a public device (on my block) from the VPN. The VPN is NOT my firewall, but another ASA (5520). The inside interface on the ASA is on my private side. From a host on the LAN and not on VPN, I can ping this device. The path the packet would take is from:

host -> core switch -> asa5550 -> packetshaper -> fatpipe -> device to ping

The above works. The path the VPN would take is:

asa5520_vpn -> core switch -> asa5550 -> packetshaper -> fatpipe -> device

The above doesn't work. From the VPN, I can ping all the way to the ASA5550 and it works fine, but nothing past it.

Any ideas?

Thanks!

John

robertson.michael Wed, 06/17/2009 - 07:34

John,

In my experience, issues like this usually tie back to a routing problem. I've had similar issues where the echo request reaches the target but it is the reply that cannot find its way back to the VPN client.

I would suggest first getting packet captures throughout the topology and finding what is being dropped (request or reply) and where it is being dropped. Once you know this, you can look for log or debug messages that explain why the packet is dropped and troubleshoot from there.

-Mike
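
The capture comparison suggested in the reply above, as an added example that is not part of the original thread: it reads tcpdump-style text captures taken at several points and reports the segment where the echo request or the echo reply stops appearing. The capture point names, the addresses and the sample lines are constructed assumptions, and it assumes no NAT rewrites the addresses between capture points.

```python
import re

# Capture points in the order an echo request from the VPN client crosses them.
# Names follow the path in the question; where captures are taken is an assumption.
PATH = ["asa5520_vpn", "asa5550_inside", "asa5550_outside", "device"]
CLIENT, TARGET = "10.99.0.25", "203.0.113.40"  # constructed addresses

# Matches tcpdump-style text lines such as "10.99.0.25 > 203.0.113.40: icmp: echo request".
LINE = re.compile(r"(\S+) > (\S+): icmp: echo (request|reply)")

def seen(text, client, target):
    """Return which of 'request'/'reply' for this client/target pair appear in one capture."""
    kinds = set()
    for src, dst, kind in LINE.findall(text):
        expected = (client, target) if kind == "request" else (target, client)
        if (src, dst) == expected:
            kinds.add(kind)
    return kinds

def locate_drop(captures, client, target):
    """Report the first segment where the request (outbound) or reply (return) disappears.
    Assumes no NAT rewrites the addresses between capture points."""
    obs = [seen(captures.get(p, ""), client, target) for p in PATH]
    for i, kinds in enumerate(obs):                 # request travels left to right
        if "request" not in kinds:
            prev = PATH[i - 1] if i else "client"
            return f"request dropped between {prev} and {PATH[i]}"
    if "reply" not in obs[-1]:
        return f"{PATH[-1]} received the request but sent no reply"
    for i in range(len(PATH) - 2, -1, -1):          # reply travels right to left
        if "reply" not in obs[i]:
            return f"reply dropped between {PATH[i + 1]} and {PATH[i]}"
    return "request and reply seen at every capture point"

# Constructed sample: the request crosses every point, the reply stops at the ASA5550.
REQ = f"1: 10:15:01.100000 {CLIENT} > {TARGET}: icmp: echo request\n"
REP = f"2: 10:15:01.104000 {TARGET} > {CLIENT}: icmp: echo reply\n"
SAMPLE = {"asa5520_vpn": REQ, "asa5550_inside": REQ,
          "asa5550_outside": REQ + REP, "device": REQ + REP}

if __name__ == "__main__":
    print(locate_drop(SAMPLE, CLIENT, TARGET))
```

The segment it names is where to look for the log or debug messages that explain the drop.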
