Cisco Support Community
New Member

allowing ping to ipsec remote access clients

Hi all, can anyone tell me how I can ping my remote access clients from inside my network? There is no access list on the inside interface, so I would have thought it should work. Do I need to create a rule allowing the echo reply back through?

2 REPLIES

Re: allowing ping to ipsec remote access clients

Hi,

If you have established the IPSec with remote access clients, then you should be able to ping them directly, because the IP address pool for remote access clients must be routable.

Otherwise,

1. The first option is to set up a specific rule for each type of echo message.

access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-group 101 in interface outside

2. Second option is to configure ICMP inspection. This allows a trusted IP address to traverse the firewall and allows replies back to the trusted address only. This way, hosts on all inside interfaces can ping hosts on the outside and the firewall allows the replies to return. This also gives you the advantage of monitoring the ICMP traffic that traverses the firewall.

policy-map global_policy
 class inspection_default
  inspect icmp

HTH...rate if helpful..
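The difference between the two options in the reply above, as an added illustration that is not part of the original post and is not Cisco code: a simplified Python model in which the stateless ACL admits any echo-reply, while inspection admits only a reply that matches an outstanding echo request. The class and function names and the sample addresses are assumptions made for the example, and the model leaves out how real inspection treats ICMP error messages.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    kind: str      # "echo", "echo-reply", "unreachable", ...
    ident: int = 0
    seq: int = 0

# Option 1: the ICMP types permitted inbound by access-list 101 in the reply.
ACL_101 = {"echo-reply", "source-quench", "unreachable", "time-exceeded"}

def acl_permits(pkt):
    """Stateless check: 'permit icmp any any <type>' ignores who asked."""
    return pkt.kind in ACL_101

class IcmpInspection:
    """Option 2 (simplified, hypothetical model): remember outbound echo
    requests and admit only the matching reply. ICMP errors are not modelled."""
    def __init__(self):
        self.pending = set()

    def outbound(self, pkt):
        if pkt.kind == "echo":
            self.pending.add((pkt.src, pkt.dst, pkt.ident, pkt.seq))

    def inbound_permits(self, pkt):
        if pkt.kind != "echo-reply":
            return False
        key = (pkt.dst, pkt.src, pkt.ident, pkt.seq)  # reply mirrors request
        if key in self.pending:
            self.pending.discard(key)                 # one reply per request
            return True
        return False

def compare():
    # Constructed sample traffic; outside addresses are documentation ranges.
    request = Icmp("10.0.0.5", "192.0.2.10", "echo", ident=7, seq=1)
    reply = Icmp("192.0.2.10", "10.0.0.5", "echo-reply", ident=7, seq=1)
    unsolicited = Icmp("198.51.100.9", "10.0.0.5", "echo-reply", ident=99, seq=1)
    fw = IcmpInspection()
    fw.outbound(request)
    return {
        "acl_reply": acl_permits(reply),
        "acl_unsolicited": acl_permits(unsolicited),
        "inspect_reply": fw.inbound_permits(reply),
        "inspect_unsolicited": fw.inbound_permits(unsolicited),
        "inspect_replayed": fw.inbound_permits(reply),
    }

if __name__ == "__main__":
    for name, allowed in compare().items():
        print(f"{name:20} {'permit' if allowed else 'deny'}")
```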

New Member

Re: allowing ping to ipsec remote access clients

How should it normally work? Should it work with inspection off, and no access lists, when pinging from inside to outside?
