Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

allowing icmp through vpn

Hi all, I have just been told I need to edit something called the sysopt command for this to work? can anyone tel me what sysop is and used for ?

1 REPLY
Silver

Re: allowing icmp through vpn

The command you are looking for is "sysopt connection permit-ipsec". What's unusual about this command is that it does not automatically allow icmp packets to come through across an ipsec tunnel. We must specifically permit that. Here's how to do it. The addresses mentioned below are just as an example:

lan behind the pix: 192.168.1.0 255.255.255.0

lan behind the remote site: 172.16.99.0 255.255.255.0

access-list outside permit icmp 172.16.99.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group outside in interface outside

If you wanted to permit icmp from any outside address, you could write that list like this:

access-list outside permit icmp any any

241
Views
0
Helpful
1
Replies