cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
237
Views
0
Helpful
1
Replies

Ping from concentrator

charles.manley
Level 1
Level 1

Hello,

We just starting running into an issue where if we go into administer sessions and try to ping a client it will come back as unreachable. We use split tunneling and have an internal network list for the clients. What we have to do is first have the remote client ping the concentrators address (to create the SA to that network) and then we can ping from the concentrator back to that client. The thing is we can figure out what might have changed that caused this. We never used to have to create that SA to the concentrator before doing a ping to the clients. Shouldn't that association be created when the client comes in to get its address and what not? How can the concentrator not know its there until we create the SA to that network? Anyone have any idea what might have changed that caused this?

1 Reply 1

a-vazquez
Level 6
Level 6

I can't really see what the problem might be. What you can do however is to see if you can ping the client otherwise, i.e. without using VPN. That would atleast reduce the problem to reachability at the client's end or at the concentrator end. Another reason might be the presence of a PIX on the remote end... actually this seems to be the most likely reason for this behaviour. If you indeed do have a PIX on the remote end, configure it to allow incoming sessions from the concentrator.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: