Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can ping inside IP of ASA over IPSec VPN


I have a site to site VPN configured between 2 ASAs on 9.1.3.  Everything is working apart from 1.  We have a management server that we use to SSH and poll devices, this server can't ping the inside of the ASA over the VPN, but can others I have configured, I must be missing a step.  THis server can ping devices on the inside LAN there though.  I'm not sure if it is a NAT as the ACLs look ok:

access-list outside_cryptomap extended permit ip object internal- object-group DM_INLINE_NETWORK_1

access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_2

access-list inside_access_in extended permit icmp any

object network Corp-Servers1


object network Corp-NPM


object network internal-


object-group network DM_INLINE_NETWORK_1

network-object object Corp-NPM

network-object object Corp--Servers

object-group network DM_INLINE_NETWORK_2

network-object object Corp-NPM

network-object object Corp-Servers

nat (inside,any) source static internal- internal- destination static Corp-Servers Corp-2-Servers no-proxy-arp


object network obj_any

nat (inside,outside) dynamic interface

The inside IP is and the remote server is

interface Vlan10

nameif inside

security-level 100

ip address

management-access inside

ssh inside

Currently I am using SSH to it's outside interface, plus the ASDM works.

Any ideas?

Super Bronze

Can ping inside IP of ASA over IPSec VPN


Are you also NATing the destination?

It seems the destination "object" used are different and you dont mention what the "Corp-2-Servers" contain?

If you had a basic NAT0 / Identity NAT configuration you could add "route-lookup" at the end. This usually help with the problem of connecting to an internal interface through a VPN connection.

- Jouni

CreatePlease login to create content