Cisco Support Community

New Member

Cannot ping EZVPN client

I have a Cisco 1921 that connects to an ASA 5540 through EZVPN.

The 1921 connects to the Internet via Verizon using a cellular HWIC. The connection works fine, and the tunnel comes up. If I do a show crypto ipsec sa, I see the local and remote networks properly specified, the traffic being encapsulated, etc.

The remote client (a laptop behind the 1921) can ping through the tunnel to the corporate network. It can RDP into machines, and if I do a netstat on those machines, I see the client connected using its LAN address (

However, I cannot ping FROM the corporate network to the client. Even from the machine which it is RDP'd into, if I ping, I get a "TTL expired in transit" from the upstream switch connected to the firewall. If I look on the ASA, I see the pings going out (debug icmp trace).

I also cannot connect to other ports on the remote client (firewall is turned off). It is like it is unreachable or behind some kind of firewall.

Is this normal behavior? I would like to be able to manage these remote machines somehow. What could be the issue?

New Member

Cannot ping EZVPN client


Anyone have any ideas?
