VPN Connected but cannot access LAN

Unanswered Question
Apr 29th, 2010


I can connect to the VPN via Cisco VPN Client but I cannot ping any IP on the LAN. I already tried the crypto isakmp nat-traversal 20 but still no luck. I am attaching my config. Hope you can help. Thanks.

Jennifer Halim Thu, 04/29/2010 - 04:47

If you have just tested ping through the vpn client connection, then you need to allow icmp inspection as follows:

policy-map global_policy
 class inspection_default
  inspect icmp

With the current configuration, you should be able to access the inside LAN:

If you also need access to DMZ subnet, then you would need the following:

access-list dmz-nonat permit ip

nat (dmz) 0 access-list dmz-nonat

I also notice that you didn't configure split tunnelling, hence you won't be able to browse the internet once connected via VPN. You can either configure split tunnel, or send all traffic (including internet traffic) towards the ASA via the VPN tunnel.

nprdomingo Thu, 05/06/2010 - 18:24


We got it working now by enabling NAT traversal. Thanks for the help.
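The checks raised in this thread (NAT traversal, ICMP inspection, a NAT exemption, split tunnelling), run against a saved ASA configuration. This is an added example, not code from the thread; the sample config, its names and its addresses are constructed, and the script assumes each setting appears as an explicit line in the saved config.

```python
import re

def config_paths(config):
    """Return each command as a tuple (parent, ..., command), using the
    leading-space indentation ASA uses for sub-commands."""
    stack, paths = [], []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sub-modes we are no longer inside
        stack.append((indent, raw.strip()))
        paths.append(tuple(text for _, text in stack))
    return paths

def audit(config):
    """Return the names of the thread's checks that the config does not satisfy."""
    paths = config_paths(config)
    top = [p[0] for p in paths if len(p) == 1]
    missing = []
    # Assumption: an enabled setting shows up as an explicit line in the saved config.
    if not any(re.match(r"crypto isakmp nat-traversal\b", c) for c in top):
        missing.append("nat-traversal")
    if ("policy-map global_policy", "class inspection_default", "inspect icmp") not in paths:
        missing.append("inspect-icmp")
    if not any(re.match(r"nat \(\S+\) 0 access-list \S+", c) for c in top):
        missing.append("nat-exemption")
    if not any(len(p) == 2 and p[0].startswith("group-policy ")
               and p[1].startswith("split-tunnel-policy ") for p in paths):
        missing.append("split-tunnel")
    return missing

# Constructed sample, not the poster's attached config; names and addresses are made up.
SAMPLE = """\
access-list inside-nonat extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list inside-nonat
crypto isakmp nat-traversal 20
group-policy EXAMPLE_GP internal
group-policy EXAMPLE_GP attributes
 vpn-tunnel-protocol IPSec
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A missing "split-tunnel" entry is not a fault by itself: as the answer notes, without it all client traffic goes to the ASA through the tunnel.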

