Unable to ping internal LAN devices?

Unanswered Question
Dec 5th, 2009

I have a Cisco 877W (IOS version 12.4(15)T9) setup at an office which is used primarily for Internet access for the users.  They have a requirement for remote workers to connect to resources sitting on the local LAN.  I have configured the router so that they can connect using the Cisco VPN Client (version  There is no issue connecting using the VPN client, I can ping the internal IP address of the router but I have issues pinging other devices on the LAN?  I have read many articles regarding similar issues in the forums and I believe that I have configured the router up correctly.  Any assistance or documents which may assist are truly appreciated.

The internal LAN sits on the range and the ip pool created for the remote users sits on the range.  The IP address is allocated correctly when users connect and all show commands to view the VPN connection do not show any issues to my knowledge.

I have included a copy of the router configuration.  If you require further information let me know.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dilipratna Sun, 12/06/2009 - 22:21


Thanks for your feedback.  The ACL applied to the crypto isakmp client (acl 108) looks fine to me?

access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 permit ip

I am allowing the internal LAN of to the IP address which is allocated to the remote user from the ip pool created.



spremkumar Sun, 12/06/2009 - 21:41


Have you tried tracing the internal lan ip from the remote pc, if not can you do a trace to the internal lan ips from the remote pc once the connection is established ? also check for trace from internal lan to the external ip and check where the trace is getting blocked.


dilipratna Mon, 12/07/2009 - 07:09

I have obtained a successful connection via the VPN client and from the remote laptop I can tracert to the internal IP address of the router ( and it achieves this on the 1st hop.
When I try to tracert to an IP address of a server ( the first hop shows up as the external IP address of Dialer1 and then the rest of the hops timeout.
When I tracert from a workstation on the internal LAN to the laptop which has been given an IP address from the pool it gets as far as the router and no further.  From the router I can see the route to the remote laptop.  When I try and do a traceroute from the router the first hop just times out??
I hope this may assist you further?  It is so puzzling.  I even changed my local pool to a range but this made no difference.
Petar Milanov Wed, 12/09/2009 - 05:50


I would suggest first to disable the Windows Firewall on the machines that you are trying to PING. Very often this is the reason for unsuccessful pings.

If this is the reason, you can enable the firewall, but to make an exeption for ICMP packets.

Good Luck


dilipratna Sun, 12/20/2009 - 16:37


Thanks you for your feedback.  I currently have a NAS device which is sharing out a directory and I am not able to ping the NAS device.  This does not have any form of firewall or security so I should be able to ping that?

Any other suggestions?



Petar Milanov Mon, 12/21/2009 - 23:06

Hi Dilip,

pls try this:

access-list 108 permit ip

access-list 108 permit icmp

access-list 108 permit ip

access-list 108 permit icmp




This Discussion

Related Content