TCC_2

Core issue

The configuration lacked a nat (inside) 0 command pointing to an Access Control List (ACL) that exempts traffic from the internal subnets destined for the VPN pool from Network Address Translation (NAT). As a result, the return traffic was translated by NAT and the connection failed.

Resolution

Create an ACL that permits the internal subnet to the VPN pool, and then point the nat (inside) 0 command to that ACL.

A partial sample configuration follows:

ip address inside 10.1.1.1 255.255.255.0

ip local pool vpnpool 192.168.1.1-192.168.1.254

access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list nonat
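
The following check is an added example, not part of the original document or Cisco tooling. It scans a configuration in the syntax shown above and reports any VPN pool that no nat (inside) 0 ACL exempts for the inside subnet. The function name and sample text are constructed for illustration, and it assumes ACL entries in the plain "permit ip <net> <mask> <net> <mask>" form only.

```python
import ipaddress

# Constructed sample, copied from the partial configuration shown above.
SAMPLE_OK = """\
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def missing_nat_exemptions(config):
    """Return names of VPN pools that are not NAT-exempt from the inside subnet."""
    inside, pools, acls, nat0 = None, {}, {}, set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "inside"] and len(tok) == 5:
            # Derive the inside subnet from the interface address and mask.
            inside = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
        elif tok[:3] == ["ip", "local", "pool"] and len(tok) == 5:
            first, _, last = tok[4].partition("-")
            pools[tok[3]] = (ipaddress.ip_address(first),
                             ipaddress.ip_address(last or first))
        elif tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"] and len(tok) == 8:
            src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
            acls.setdefault(tok[1], []).append((src, dst))
        elif tok[:4] == ["nat", "(inside)", "0", "access-list"] and len(tok) == 5:
            nat0.add(tok[4])
    if inside is None:
        raise ValueError("no 'ip address inside' line found")
    # Only ACLs actually referenced by nat (inside) 0 count as exemptions.
    entries = [e for name in nat0 for e in acls.get(name, [])]
    missing = []
    for name, (first, last) in pools.items():
        # A pool is exempt when one entry covers the whole inside subnet as
        # source and both ends of the pool range as destination.
        if not any(inside.subnet_of(src) and first in dst and last in dst
                   for src, dst in entries):
            missing.append(name)
    return missing

if __name__ == "__main__":
    print(missing_nat_exemptions(SAMPLE_OK))
```
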
