Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

able to ping from from inside interface but not outside

Users on vpn can not reach 1 particular host.

ICMP is allowed since they are able to ping other devices on our network when vpn'd in.

I am using ASDM to rung the ping test..

the first result is with the outside interface as source..the second is inside.

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.165, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.165, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 m

access-list a_splitTunnelAcl standard permit 172.20.0.0 255.255.0.0

access-list A_splitTunnelAcl standard permit 172.30.0.0 255.255.0.0

access-list A_splitTunnelAcl standard permit 192.168.0.0 255.255.0.0

access-list a_splitTunnelAcl standard permit 206.213.201.96 255.255.255.248

access-list A_splitTunnelAcl standard permit 206.213.207.96 255.255.255.248

access-list A_splitTunnelAcl standard permit host 64.14.47.15x

access-list A_splitTunnelAcl standard permit host 64.14.47.15x

access-list A_splitTunnelAcl standard permit host 64.14.47.16x

route outside 0.0.0.0 0.0.0.0 64.14.47.190 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 64.14.4255.255.255.255 172.30.0.1 1

route inside 64.14.47 255.255.255.255 172.30.0.1 1

route inside 64.14.47 255.255.255.255 172.30.0.1 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 64.14.47 255.255.255.255 172.30.0.1 1

route inside 64.14.47 255.255.255.255 172.30.0.1 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 64.14.47 255.255.255.255 172.30.0.1 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 64.14.4 255.255.255.255 172.30.0.1 1

route inside 172.20.0.0 255.255.0.0 172.30.0.1 1

route inside 192.168.0.0 255.255.0.0 172.30.0.1 1

route inside 206.213.20255.255.255.248 172.30.0.1 1

route inside 206.213.2 255.255.255.248 172.30.0.1 1

172.30.0.1 is the interface on our network

172.30.0.2 is the inside interface of the firewal

3 REPLIES
Green

Re: able to ping from from inside interface but not outside

Can vpn users ping anything on 192.168.0.0? If not, 192.168.0.0 most likely needs a route to the vpn client subnet.

New Member

Re: able to ping from from inside interface but not outside

yes they can hit 192.168.9.6 for example

Cisco Employee

Re: able to ping from from inside interface but not outside

Hi,

Does this device have two nics by any chance? Also, Check the routing table of the host "192.168.0.165" and make sure this host has a routing properly configured to route packets destined to the the VPN Pool of IP Addresses back to the client.

Also, what is this host? Is it a server or a VIP on a load balancer? Make sure that there are no filters that will block ICMP Traffic from the VPN Pool of IP Addresses.

Regards,

Arul

*Pls rate if it helps*

110
Views
0
Helpful
3
Replies
CreatePlease to create content