ASA VPN client problem

alex goshtaei · ‎08-25-2010

Hi All,

we have setup VPN client, it is working fine but I can't ping some host inside the network. all hosts inside LAN are using the same default gateway, but some of them are not accessible by VPN client. any suggestion would be very appreciated.

thanks

Alex

Federico Coto Fajardo · ‎08-25-2010

Hi,

These are the steps that I would follow:

1. Check the VPN tunnel establishes correctly ''sh cry isa sa''

2. Check traffic flows through the tunnel ''sh cry ips sa''

If the tunnel is fine, check you have the following commands:

management-access inside

sysopt connection permit-vpn

crypto isakmp nat-t

If you can access some hosts and some don't, check that the ASA is not doing any VPN filtering.

Federico.

lawchung · ‎08-25-2010

Check to see if you can ping the host from an internal computer first because it might just have a firewall app block it like Windows firewall.

alex goshtaei · ‎08-25-2010

yes, I can ping from inside to those hosts but from VPN client.

thanks

Alex

praprama · ‎08-25-2010

Hi Alex,

Please apply captures on the ASA's LAN facing interface. We can see if packets are leaving the ASA and if they are, if replies are reaching back the ASA:

https://supportforums.cisco.com/docs/DOC-1222

Regards,

Prapanch