When you say you can ping the computers is it the private address across the VPN or are you pinging the public address?
This could be a problem due to MTU, I had a customer report the same issue where users could connect to exchange over a non-encrypted (LAN) link but fail over an encrypted path. The solution was to reduce the MTU in this case. In this case you would be able to ping private addresses across the tunnel.
Another problem could be caused by NAT, in which case the tunnel appears up but no data can be sent across it so the ping to a private address would fail. In this case you need to enable NAT-T support in the firewall.
The MTU can be set at the client end by a utility provided wth the client software.
On my PC, its found at >Start, programs, Cisco VPN Client, select `Set MTU'. The default is 1300 bytes, which should be adequate for your requirement.
I looked up the fault details that I dealt with for VPN users on exchange, in my case it was a LAN attached user coming across a L2L IPSec tunnel to the exchange server at the HQ. I used a facility on the router to adjust the MTU, the TCP MSS-ADJUST command.
If your VPN user has the MTU set to 1300 which I suspect it probably is as that's the default, then I dont think this is the cause of your problem.
I was able to ping it as our private (from VPN clients range), by the box name and by ip address.
I was thinking about checking TCP/IP settings (manually entering WINS, DNS) and/or modifying the HOSTS file, but they just e-mailed: the issue has been resolved by the local provider - probably something on their network (?)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...