Cisco Support Community

Unable to ping the internal hosts after connecting with the Cisco VPN Client

Core issue

The configuration did not have a nat (inside) 0 command pointing to an Access Control List (ACL) that exempts traffic from the internal subnets destined for the VPN pool from Network Address Translation (NAT). Without that exemption, the return traffic was translated by NAT and the connection failed.

Resolution

Create an ACL that permits the internal subnet to the VPN pool, and then point the nat (inside) 0 command to that ACL.

A partial sample configuration follows:

ip address inside 10.1.1.1 255.255.255.0

ip local pool vpnpool 192.168.1.1-192.168.1.254

access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list nonat
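
An added example, not part of the original article or of any Cisco tooling: a small offline check that a saved configuration contains a nat (inside) 0 exemption covering every VPN pool. The function name and the embedded sample are constructed for illustration, and the parser assumes only the address/mask command forms shown above (no host or any keywords).

```python
import ipaddress

# Constructed sample: the partial configuration from this article, one command per line.
SAMPLE_CONFIG = """\
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def check_nat_exemption(config):
    """Return a list of findings; an empty list means every VPN pool is exempted."""
    inside, exempt_acl = None, None
    pools, acls = {}, {}  # pool name -> (first, last); ACL name -> [(src, dst)]
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "address", "inside"] and len(t) == 5:
            inside = ipaddress.ip_interface(f"{t[3]}/{t[4]}").network
        elif t[:3] == ["ip", "local", "pool"] and len(t) == 5:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            src = ipaddress.ip_network(f"{t[4]}/{t[5]}", strict=False)
            dst = ipaddress.ip_network(f"{t[6]}/{t[7]}", strict=False)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:4] == ["nat", "(inside)", "0", "access-list"] and len(t) == 5:
            exempt_acl = t[4]
    if inside is None:
        return ["no 'ip address inside' command found"]
    if exempt_acl is None:
        return ["no 'nat (inside) 0 access-list' command: return traffic will be translated"]
    findings = []
    entries = acls.get(exempt_acl, [])
    for name, (first, last) in pools.items():
        # The exemption must match the inside subnet as source and the whole pool as destination.
        covered = any(inside.subnet_of(src) and first in dst and last in dst
                      for src, dst in entries)
        if not covered:
            findings.append(f"pool {name} ({first}-{last}) is not exempted by ACL {exempt_acl}")
    return findings

if __name__ == "__main__":
    print(check_nat_exemption(SAMPLE_CONFIG) or "NAT exemption covers all VPN pools")
```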
