Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Remote VPN client - Pix, cant ping inside network

I have a VPN client try to connect to a PIX 515. I can connect from all sites, but can only ping internal devices from some locations. In both cases I get an ip address, GW, DNS. Both of the locations I'm trying use NAT/PAT (behind some firewall). I have looked in some other forum notes, there they recommed "isakmp nat-traversal". Is this a possible solution.


access-list VPN permit ip

ip address inside

ip local pool VPNKLIENTER

nat (inside) 0 access-list VPN

nat (inside) 1 0 0

sysopt connection permit-ipsec

isakmp enable outside

isakmp key xxxxx

isakmp identity address

isakmp policy 9 authentication pre-share

isakmp policy 9 encryption des

isakmp policy 9 hash md5

isakmp policy 9 group 1

isakmp policy 9 lifetime 1000

isakmp policy 10 authentication rsa-sig

isakmp policy 10 encryption des

isakmp policy 10 hash sha

isakmp policy 10 group 1

isakmp policy 10 lifetime 86400

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup vpnklienter address-pool VPNKLIENTER

vpngroup vpnklienter dns-server

vpngroup vpnklienter wins-server martin5

vpngroup vpnklienter idle-time 86400

vpngroup vpnklienter password xxx

New Member

Re: Remote VPN client - Pix, cant ping inside network

Problem solved with "isakmp nat-traversal"

CreatePlease to create content