Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1039
Views
0
Helpful
2
Replies

AnyConnect client can ping remote ASA inside IP, but not computers on same subnet.

JonCommins
Level 1
Level 1

‎02-27-2014 04:31 PM - edited ‎02-21-2020 07:32 PM

Have an ASA, which I can connect to with an Adroid AnyConnect client from the internet.

Here is the config for that ASA:

http://pastebin.com/raw.php?i=nz8pmYPj

Have another ASA, which has a site-to-site VPN tunnel established with the first ASA.

Here is the config for that ASA:

http://pastebin.com/raw.php?i=m5hX5kZy

Currently, the AnyConnect client can ping local devices on the main ASA inside subnet.

It can also ping the inside interface of the second ASA.

However, it cannot ping other devices on the inside subnet of the second ASA, why?

Labels:
0 Helpful
2 Replies 2

JonCommins
Level 1
Level 1

‎02-28-2014 01:37 PM

Update: Created diagram to better show what's happening.

gorman-issue.png

0 Helpful

JonCommins
Level 1
Level 1

‎02-28-2014 03:36 PM

This line fixed it, in the Kanai ASA config:

access-list out-in extended permit ip 192.168.99.0 255.255.255.0 any

0 Helpful
Customers Also Viewed These Support Documents