Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Remote VPN Client cannot ping the LAN resources

Hi

I got a Cisco VPN Client Initiating a VPN connection behind an ASA Firewall(8.0.2) to a PIX (7.0) across the internet , the VPN is establish with IP but cannot ping the resources behind the PIX.

With the VPN client behind any internet cafe/starbucks, its able to establish and ping the resources behind the PIX.

Any suggestiongs?

5 REPLIES
New Member

Re: Remote VPN Client cannot ping the LAN resources

If youre ASA has the IPS module installed it could be the global inspection policy.

You could troubleshoot it bye either removing the global inspection policy or adding.

Policy-map global_policy

class inspection_default

inpect ipsec-pass-thru

exit

This information was given to me in this forum and it fixed the issue.

New Member

Re: Remote VPN Client cannot ping the LAN resources

Try this

crypto isakmp nat-traversal

New Member

Re: Remote VPN Client cannot ping the LAN resources

Hi Romeo,

I tried it but it still doesnt work.

New Member

Re: Remote VPN Client cannot ping the LAN resources

Hi After checking the logs here is what i found

After checking on the log i found like following error

3 Nov 01 2007 12:07:24 305006 22X.255.66.X regular translation creation failed for protocol 50 src inside:10.10.10.160 dst outside:222.255.66.230

New Member

Re: Remote VPN Client cannot ping the LAN resources

Looks like the return traffic is NATTed on the way back. Make sure you have a nat 0 access list with source ip as your lan addresses and destination ips as your vpn client ip pool. Hope this helps.

435
Views
0
Helpful
5
Replies
CreatePlease to create content