Cannot Ping Remote VPN Clients

Jul 15th, 2010

Hi All


Recently set up an ASA 5505 as firewall and Easy VPN server. Everything seems to be fine except that remote VPN users can't ping any users on the local LAN. Their Internet connection, by the way, is static PPPoE and no default gateway was given by the ISP. The Internet connection is fine though. Checking the routing tables after establishing the VPN shows a route towards the remote VPN users. One more thing: "show isakmp sa" shows no decaps occurring, only encaps. Have attached the config for reference. Any advice is really appreciated.


Thanks!

Jitendriya Athavale (Cisco Employee) Fri, 07/16/2010 - 09:17

Can you try the following:


crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route


sysopt connection permit-vpn

Can you please attach the show tech so that we can take a look at the ipsec sa?

Also, can you check in the VPN client routing table whether you see the routes, and do you see any packets transmitted in the statistics on the VPN client?

Also, you can check with your ISP in case they have port 4500 blocked in one direction.

Also, as additional troubleshooting, you can run Wireshark on your PC and see if your PC is getting and sending packets on 4500, and you can also apply captures on the firewall outside interface and see if you are receiving and sending data on port 4500.

oyd110380 Tue, 07/20/2010 - 18:57

Hi Jathaval,


Was able to make it work. I think I may have also failed to check ICMP inspection on the policy map. Thanks for the inputs!
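
The encaps-without-decaps symptom from the original question can be checked per peer from the IPsec SA counters the reply asks for. The following is an added example, not part of any post in this thread: Python that reads text laid out like ASA `show crypto ipsec sa` output and labels each peer by traffic direction. The sample output, addresses, usernames and function names are constructed for illustration.

```python
import re

# Constructed sample shaped like ASA "show crypto ipsec sa" output (not from the thread).
SAMPLE = """\
interface: outside
    Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 203.0.113.1
      remote ident (addr/mask/prot/port): (192.168.50.10/255.255.255.255/0/0)
      current_peer: 198.51.100.7, username: alice
      #pkts encaps: 41, #pkts encrypt: 41, #pkts digest: 41
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 203.0.113.1
      remote ident (addr/mask/prot/port): (192.168.50.11/255.255.255.255/0/0)
      current_peer: 198.51.100.9, username: bob
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 118, #pkts decrypt: 118, #pkts verify: 118
"""

PEER = re.compile(r"current_peer:\s*([0-9a-fA-F.:]+)")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA block: {'peer', 'encaps', 'decaps'}."""
    sas = []
    for line in text.splitlines():
        m = PEER.search(line)
        if m:  # a current_peer line starts a new SA record
            sas.append({"peer": m.group(1), "encaps": 0, "decaps": 0})
            continue
        for name, value in COUNTER.findall(line):
            if sas:  # ignore counters seen before any peer line
                sas[-1][name] = int(value)
    return sas

def classify(sa):
    """Label the traffic direction problem, if any, for one SA."""
    if sa["encaps"] and not sa["decaps"]:
        return "no-decaps"  # ASA sends into the tunnel, nothing from the peer is decrypted
    if sa["decaps"] and not sa["encaps"]:
        return "no-encaps"  # ASA decrypts peer traffic, nothing is sent back into the tunnel
    if not sa["encaps"] and not sa["decaps"]:
        return "idle"
    return "ok"

def report(text):
    return {sa["peer"]: classify(sa) for sa in parse_sas(text)}

if __name__ == "__main__":
    for peer, status in report(SAMPLE).items():
        print(f"{peer}: {status}")
```

A "no-decaps" peer matches the symptom in the question and points at the path toward the ASA (the UDP 4500 checks suggested in the reply); "no-encaps" points at the return path toward the client.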
