Can ping over VPN, but nothing else

Nov 16th, 2009

I have a site-to-site VPN with a Cisco ASA 5505 on one end and a Cisco 2801 on the other. I have a VPN established, and I can ping from the network on the 2801 side to the network on the 5505, but clients on the 5505 side cannot ping back to clients on the network with the 2801. It's like packets from the 2801 go to the 5505 using the VPN, but then try to come back using a different route?

mopaul Mon, 11/16/2009 - 17:29


A host behind the router can ping the network behind the ASA5505, but from the ASA5505 you can't reach the router; please feel free to correct me if I'm wrong.

When you run a continuous ping from the ASA to the network behind the router, can you check whether you see the encrypts growing in number? (Execute the command show crypto ipsec sa peer "public ip address of router" to see the encrypts/decrypts.)

I want to make sure that the traffic is not going in some other tunnel when initiated from ASA.

Also, make sure you have the NAT 0 statement correct on the ASA, if exempting the traffic from NAT.

Can you please share the configuration from both the ASA and the router so that I can make sure the basic configuration is in place?
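
Added example (not part of the original thread or of the reply above): a Python sketch of the counter check described in the reply, comparing two snapshots of show crypto ipsec sa peer output taken during a continuous ping. The sample output, the addresses and the verdict labels are constructed for illustration; the parser assumes the usual ASA layout of the ident and #pkts lines.

```python
import re

# Constructed sample (not from the thread): output of
# `show crypto ipsec sa peer <router public IP>` before a continuous ping.
# 203.0.113.2 and 198.51.100.1 are documentation addresses used as placeholders.
SNAP_BEFORE = """\
peer address: 203.0.113.2
    Crypto map tag: outside_map, seq num: 10, local addr: 198.51.100.1
      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 95, #pkts decrypt: 95, #pkts verify: 95
"""
# Second snapshot: encrypts grew by 60 during the ping, decrypts did not move.
SNAP_AFTER = SNAP_BEFORE.replace("120", "180")

def counters(text):
    """Return {(local ident, remote ident): (encrypts, decrypts)} for each SA."""
    out, local, remote, enc = {}, None, None, None
    for line in text.splitlines():
        if m := re.search(r"local ident.*: \(([^/]+)/([^/]+)/", line):
            local = f"{m[1]}/{m[2]}"
        elif m := re.search(r"remote ident.*: \(([^/]+)/([^/]+)/", line):
            remote = f"{m[1]}/{m[2]}"
        elif m := re.search(r"#pkts encrypt: (\d+)", line):
            enc = int(m[1])
        elif m := re.search(r"#pkts decrypt: (\d+)", line):
            out[(local, remote)] = (enc, int(m[1]))
    return out

def diagnose(before, after):
    """Classify each SA by which counters moved between the two snapshots."""
    old, result = counters(before), {}
    for sa, (enc1, dec1) in counters(after).items():
        enc0, dec0 = old.get(sa, (0, 0))
        d_enc, d_dec = enc1 - enc0, dec1 - dec0
        if d_enc < 0 or d_dec < 0:
            verdict = "COUNTERS_RESET"   # SA rekeyed or counters cleared; re-sample
        elif d_enc == 0:
            verdict = "NOT_ENCRYPTING"   # pings never enter this tunnel: check the
                                         # crypto ACL, NAT 0 and other tunnels
        elif d_dec == 0:
            verdict = "NO_RETURN"        # sent through the tunnel, nothing decrypted back
        else:
            verdict = "OK"
        result[sa] = (d_enc, d_dec, verdict)
    return result

if __name__ == "__main__":
    for sa, info in diagnose(SNAP_BEFORE, SNAP_AFTER).items():
        print(sa, info)
```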



