Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2363
Views
0
Helpful
2
Replies

Site to site VPN, can ping router but not clients

Go to solution
mbmcadams
Level 1
Level 1

‎08-24-2010 11:51 AM

I have set up a site to site between an ASA5505 (corporate) and an 871w router (remote).  The tunnel is up, and I can ping anything on the corporate network from the remote network.  However, when going from corporate to remote, I am only able to ping the router, but no clients that are connected to it.  The IP for the router is on the same subnet as the rest of the clients (192.168.1.0/24).  I've watched the logs on the ASA5505 and it seems to be passing the traffic just fine, so the problem seems to sit on the 871.  To reinforce this, I can actually initiate the tunnel from the corporate network using a ping to one of these clients (even though the ping fails :\  )

I'll be happy to provide any additional information needed.  Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Atri Basu
Cisco Employee
Cisco Employee

‎08-24-2010 11:56 AM

Hey Marshall.

Can you confirm that there are no firewalls on the clients that might be blocking pings? From the problem description you've provided it appears as though as long as the clients initiate the ping, it's successful, but the revers is not true. This seems to indicate something on the clients maybe blocking  the traffic. Also since you say you are able to ping the router whose ip address is in the same subnet as the clients it further reinforces my belief that the issue might be with the clients.

Regards,

Atri.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Atri Basu
Cisco Employee
Cisco Employee

‎08-24-2010 11:56 AM

Hey Marshall.

Can you confirm that there are no firewalls on the clients that might be blocking pings? From the problem description you've provided it appears as though as long as the clients initiate the ping, it's successful, but the revers is not true. This seems to indicate something on the clients maybe blocking  the traffic. Also since you say you are able to ping the router whose ip address is in the same subnet as the clients it further reinforces my belief that the issue might be with the clients.

Regards,

Atri.

0 Helpful

Go to solution
mbmcadams
Level 1
Level 1
In response to Atri Basu

‎08-24-2010 12:06 PM

As you were probably typing this reply, I was turning off the firewall on one of the clients in my remote site...it worked.  I've been combing configs since early this morning trying to figure out where the problem was, only to find out it was an elementary issue

Thanks for your quick (and correct) response.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents