cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
775
Views
0
Helpful
5
Replies

Remote VPN Client cannot ping the LAN resources

r-docuyanan
Level 1
Level 1

Hi

I got a Cisco VPN Client Initiating a VPN connection behind an ASA Firewall(8.0.2) to a PIX (7.0) across the internet , the VPN is establish with IP but cannot ping the resources behind the PIX.

With the VPN client behind any internet cafe/starbucks, its able to establish and ping the resources behind the PIX.

Any suggestiongs?

5 Replies 5

Patrick.Beaven
Level 1
Level 1

If youre ASA has the IPS module installed it could be the global inspection policy.

You could troubleshoot it bye either removing the global inspection policy or adding.

Policy-map global_policy

class inspection_default

inpect ipsec-pass-thru

exit

This information was given to me in this forum and it fixed the issue.

romeocz
Level 1
Level 1

Try this

crypto isakmp nat-traversal

Hi Romeo,

I tried it but it still doesnt work.

Hi After checking the logs here is what i found

After checking on the log i found like following error

3 Nov 01 2007 12:07:24 305006 22X.255.66.X regular translation creation failed for protocol 50 src inside:10.10.10.160 dst outside:222.255.66.230

Looks like the return traffic is NATTed on the way back. Make sure you have a nat 0 access list with source ip as your lan addresses and destination ips as your vpn client ip pool. Hope this helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: