Unable to ping the internal hosts after connecting with the Cisco VPN Client


Wed, 07/22/2009 - 19:37
Jun 18th, 2009

Core issue

The configuration did not have a nat (inside) 0 command pointing to an Access Control List (ACL) that exempts traffic from the internal subnets destined for the VPN pool from Network Address Translation (NAT). As a result, the return traffic was being translated and the connection was failing.


Create an ACL that permits the internal subnet to the VPN pool, and then point the nat (inside) 0 command to that ACL.

A partial sample configuration follows:

ip address inside

ip local pool vpnpool

access-list nonat permit ip

nat (inside) 0 access-list nonat
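
One way to audit a configuration for this gap, as an added example that is not part of the original document or Cisco's own tooling: the script reads the four commands shown above and reports why VPN return traffic would still be translated. All addresses in the sample are constructed assumptions, and only the address/mask form of ACL entries is handled.

```python
import ipaddress
import re

# Constructed sample in the syntax of the partial configuration above.
# Every address, mask and range here is an assumption for illustration.
SAMPLE_CONFIG = """\
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.50.1-192.168.50.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def nat_exemption_gaps(config):
    """Return reasons why inside-to-VPN-pool traffic would still be NATed."""
    m = re.search(r"^ip address inside (\S+) (\S+)", config, re.M)
    p = re.search(r"^ip local pool \S+ (\S+?)-(\S+)", config, re.M)
    if not m or not p:
        return ["inside address or VPN pool not found"]
    inside = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    lo, hi = (ipaddress.ip_address(x) for x in p.groups())
    # The exemption only exists if nat 0 on the inside interface points to an ACL.
    n = re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M)
    if not n:
        return ["no 'nat (inside) 0 access-list' command"]
    entries = re.findall(
        rf"^access-list {re.escape(n[1])} permit ip (\S+) (\S+) (\S+) (\S+)",
        config, re.M)
    for src, smask, dst, dmask in entries:
        try:
            src_net = ipaddress.ip_network(f"{src}/{smask}", strict=False)
            dst_net = ipaddress.ip_network(f"{dst}/{dmask}", strict=False)
        except ValueError:
            continue  # 'host'/'any' forms are not parsed in this sketch
        # Source must cover the inside subnet, destination the whole pool.
        if inside.subnet_of(src_net) and lo in dst_net and hi in dst_net:
            return []
    return [f"ACL {n[1]} has no entry permitting {inside} to pool {lo}-{hi}"]

if __name__ == "__main__":
    print(nat_exemption_gaps(SAMPLE_CONFIG) or "NAT exemption covers the VPN pool")
```
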


