Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
1
Replies

pinging device while vpn'd in

John Blakley
VIP Alumni
VIP Alumni

‎06-11-2009 01:01 PM - edited ‎03-11-2019 08:42 AM

All,

I've noticed that I can't ping a public device (on my block) from the vpn. The vpn is NOT my firewall, but another ASA (5520). The inside interface on the ASA is on my private side. From a host on the lan and not on vpn, I can ping this device. The path the packet would take is from:

host -> core switch -> asa5550 -> packetshaper -> fatpipe -> device to ping

The above works. The path vpn would take is:

asa5520_vpn -> core switch -> asa5550 -> packetshaper -> fatpipe -> device

The above doesn't work. From the vpn, I can ping all the way to the ASA5550 and it works fine, but nothing past it.

Any ideas?

Thanks!

John

HTH, John *** Please rate all useful posts ***
Labels:
0 Helpful
1 Reply 1

robertson.michael
Level 3
Level 3

‎06-17-2009 07:34 AM

John,

In my experience, issues like this usually tie back to a routing problem. I've had similar issues where the echo request reaches the target but it is the reply that cannot find its way back to the VPN client.

I would suggest first getting packet captures throughout the topology and find what is being dropped (request or reply) and where it is being dropped. Once you know this, you can look for log or debug messages that explain why the packet is dropped and troubleshoot from there.

-Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card