I have a VPN between an ASA 5510 7.1 and a Pix 501 6.3. The tunnel is up and hosts on both sides can ping and access resources. However when I am telneted to the ASA or the Pix I cannot ping any hosts on the remote side. What commands do I need to enter to make it possible to ping remote hosts from either firewall?
It has been my experience that, where the PIX and ASA are concerned, if they are the VPN endpoints you can't ping from one to the other. The cause of this is that you are on the interface and it is generating the traffic, and that means it has bypassed the interface on which it would be recognized as interesting traffic for the VPN tunnel.
I can ping the remote interface from a host on that remote subnet. I have tried #ping inside x.x.x.x on both firewalls. From either firewall I cannot ping the remote firewall or remote hosts. I can ping between hosts across the VPN.
Have you tried to use the management interface command? This should be set for an interface that the tunnel does not land on. I forget if it is available on the ASA, but I believe it is. Enabling this on both sides should fix your problem, assuming the IP addresses are part of the encryption domain.
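The configuration the answer above is pointing at, written out as an added example (not from the thread or from Cisco's own documentation): the command is `management-access`, applied to the interface the tunnel does not terminate on, and the inside interface address has to fall inside the crypto ACL (the "encryption domain") so that firewall-sourced traffic is treated as interesting. All addresses, interface names and ACL names here are constructed for illustration.

```cisco
! ASA side -- addressing and names are constructed for this example
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Crypto ACL: the local inside subnet (which includes the firewall's own
! inside address 192.168.1.1) to the remote subnet behind the PIX
access-list VPN_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
!
! Allow the inside interface to be the management/source endpoint over the tunnel
management-access inside
!
! Check from the ASA CLI: source the ping from the inside interface, then confirm
! the tunnel counters move
! ping inside 192.168.2.10
! show crypto ipsec sa
```

The PIX 501 side mirrors this with its own inside address in the crypto ACL and `management-access inside` configured; if the ping from the firewall still fails while host-to-host traffic works, compare the source address the firewall actually uses (`ping inside ...` vs. a ping with no interface given) against what the crypto ACL permits, since a ping sourced from the outside interface address will not match the VPN's interesting traffic.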