Cisco Support Community

New Member

Cannot ping EZVPN client

I have a Cisco 1921 that connects to an ASA 5540 through EZVPN.

The 1921 connects to the Internet via Verizon using a cellular HWIC. The connection works fine, and the tunnel comes up. If I do a show crypto ipsec sa, I see the local and remote networks properly specified, the traffic being encapsulated, etc.

The remote client (a laptop behind the 1921) can ping through the tunnel to the corporate network. It can RDP into machines, and if I do a netstat on those machines, I see the client connected using its LAN address (172.30.201.4).

However, I cannot ping FROM the corporate network to the client 172.30.201.4. Even from the machine which it is RDP'd into, if I ping, I get a "TTL expired in transit" from the upstream switch connected to the firewall. If I look on the ASA, I see the pings going out (debug icmp trace).

I also cannot connect to other ports on the remote client (firewall is turned off). It is like it is unreachable or behind some kind of firewall.

Is this normal behavior? I would like to be able to manage these remote machines somehow. What could be the issue?

1 REPLY
New Member

Cannot ping EZVPN client

bump!

anyone have any ideas?
