Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ping problem

I have a VPN Concentrator's public interface connected to the PIX's DMZ. The PIX gets a static internet IP thru PPPOE and the DMZ subnet is an internet routable subnet. The private interface of the Concentrator is connected to a private LAN. Ping works fine from the Concentrator itself but when I ping from one of the workstations in the private LAN to the internet, it won't work. Turning on 'debug icmp trace' on the PIX doesn't show anything. What could be the problem?

  • Other Security Subjects
1 REPLY
New Member

Re: Ping problem

From what i gather from the info you provided you are saying that the private LAN can not talk to the Internet. If you can ping the PIX from the Concentrator and from the Concentrator to any LAN Clients, I would figure it to be some sort of routing issue on the Concentrator.

^

First off, do a traceroute from a LAN client to see where it stops

^

here are some things to consider

is the private lan's default Internet route through the VPN Concentrator, then the PIX?

or is it going straight to the PIX on it's (Inside) interface ? if so, Can you ping the PIX (inside) interface from a LAN client?

do you have the correct default gateways configured on the clients?

do you have the routes configured on the Concentrator (default route 0.0.0.0 pointing out the Concentrator's public interface toward the PIX's DMZ interface IP)?

do you have 'setroute' configured on the PIX default route to 0.0.0.0?

you say that the PIX gets it's "static" IP thru PPPoE (???)

77
Views
4
Helpful
1
Replies
This widget could not be displayed.