04-13-2010 12:40 PM
Hi all.
I have a site-to-site IPsec VPN running between a 5510 (HQ) and a 5505 (Remote). All is working on the tunnel. Crypto maps and ACLs are symmetrical. I see the tunnel is up for the required subnets. However, I cannot ping from internal subnets inside the 5510 to the remote LAN inside the 5505 and vice versa. I have other VPN spokes to the 5510 where I can ping inside x.x.x.x from the remote LAN with success. Can't figure out what I am missing. I can ping internet items but cannot ping HQ.
Any suggestions?
Also, I am now learning the ASAs, so I am not an expert. I do know that I am allowing ICMP from outside. Both my NONAT statement and crypto map are running off the same object group that lists the HQ subnets.
Thanks in advance.
04-13-2010 12:44 PM
Hi,
Enable on both sides access to the inside interface via VPN with the command:
management-access inside
Then, try to ping from the ASA to the other ASA's inside IP address, like this:
ping inside x.x.x.x
If it works, then check the internal subnet has a route pointing to the ASA for the interesting traffic.
Federico.
04-13-2010 12:50 PM
Also to add... I can ping all 5510 inside subnets from clients on the 5505 LAN. Just can't from the 5505 itself via the ping inside x.x.x.x command.
I also can't ping the remote 5505 LAN from anywhere inside the 5510.
Makes sense?
04-13-2010 12:55 PM
The 5505 is missing the command:
management-access inside
Federico.
04-13-2010 12:58 PM
You the man Federico!
Thanks for the quick reply!
That worked!!!