Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cannot Ping Remote VPN Clients

Hi All

Recently setup ASA 5505 as Firewall and easy VPN server. Everything seems to be fine except that remote vpn users can't ping any users on the local LAN. Their Internet connection by the way is Static PPPOE and no default gateway was given by the ISP. Internet connection is fine though. Checking Routing tables after establishing VPN shows a route towards the remote vpn users. One more thing "show isakmp sa" shows no decaps occuring, only encaps.Have attached the config for reference. Any advice is really appreciated.

Thanks!

2 REPLIES
Cisco Employee

Re: Cannot Ping Remote VPN Clients

can you try the following

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route

sysopt connection permit-vpn

can u please attach the show tech so that we can take a look at the ipsec sa

also can you see in the vpn client routing table if you see the routes, and also do you see any packet transmitted in the statistics on the vpn client

also you can check with your ISP if in case they have port 4500 blocked in 1 direction

Also as additional troubleshooting, you can run wireshark on your PC and see if you PC is getting and sending packets on 4500, and also you can apply captures on firewall outside interface and see you are recieving and sending data on port 4500

New Member

Re: Cannot Ping Remote VPN Clients

Hi Jathaval,

Was able to make it work. I think I may have also failed to check ICMP inspection on the policy map.Thanks for the inputs!

261
Views
0
Helpful
2
Replies