Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA VPN client problem

Hi All,

we have setup VPN client, it is working fine but I can't ping some host inside the network. all hosts inside LAN are using the same default gateway, but some of them are not accessible by VPN client. any suggestion would be very appreciated.

thanks

Alex

4 REPLIES

Re: ASA VPN client problem

Hi,

These are the steps that I would follow:

1. Check the VPN tunnel establishes correctly ''sh cry isa sa''

2. Check traffic flows through the tunnel ''sh cry ips sa''

If the tunnel is fine, check you have the following commands:

management-access inside

sysopt connection permit-vpn

crypto isakmp nat-t

If you can access some hosts and some don't, check that the ASA is not doing any VPN filtering.

Federico.

Cisco Employee

Re: ASA VPN client problem

Check to see if you can ping the host from an internal computer first because it might just have a firewall app block it like Windows firewall.

Community Member

Re: ASA VPN client problem

yes, I can ping from inside to those hosts but from VPN client.

thanks

Alex

Cisco Employee

Re: ASA VPN client problem

Hi Alex,

Please apply captures on the ASA's LAN facing interface. We can see if packets are leaving the ASA and if they are, if replies are reaching back the ASA:

https://supportforums.cisco.com/docs/DOC-1222

Regards,

Prapanch

195
Views
0
Helpful
4
Replies
CreatePlease to create content