Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

User cannot ping internal hosts after connecting with the Cisco VPN Client

Core issue

The internal router has a different default gateway and does not have a route back to the PIX Firewall for the VPN pool address range

Resolution

A route, which is either statically defined or dynamically discovered, specifies    the path used by a router or host to forward IP packets. You must define a special    route, called the default route, for forwarding packets when no route is known. Packets destined for an unknown network are forwarded to the default router,    which is sometimes called the "gateway of last resort". 

To configure the default routes on a Cisco IOS  router to forward traffic to    the PIX, perform these steps:

  1. Telnet to the router that connects to the inside interface of the PIX.

  2. Access the Cisco IOS configuration mode.

  3. Set the default route to the inside interface of the PIX with    this Cisco IOS Command Line Interface (CLI) command:

  ip route 0.0.0.0 0.0.0.0 if_address

     For each PIX interface that is connected to a router, replace if_address    with the IP address of the PIX interface.

     Issue the show ip route command and make sure that the connected PIX interface is listed as the "gateway of last resort."

Problem Type

Connectivity through the device

Product Family

Firewall - PIX 500 series

VPN - hardware & software clients

Frequency

Continuously

PIX Software Version

PIX version 6.x

VPN Client Software Version

Cisco VPN Client

Client Location on Network with PIX

Outside

VPN Tunnel End Points

Client

PIX

Can You Ping...

Client cannot ping inside host or server

VPN Tunnel Initialization

VPN session is established

Version history
Revision #:
1 of 1
Last update:
‎06-18-2009 04:04 PM
Updated by:
 
Labels (1)