New Member

I cannot ping or access remote network from the remote VPN client?

I have got two PIX firewalls (FIREWALL1 and FIREWALL2).

Firewall1 is protecting from the internet.

Firewall is protecting from an internal network.

Like this:

---INTERNET--++FIREWALL1--++--FIREWALL2

I am connecting from home by Cisco VPN client. I receive an IP address from the pool, which is 192.168.60.1 255.255.255.0. I am able to ping the first subnet 192.168.50.0 255.255.255.0 on the Firewall1, but I cannot ping or access the subnet 192.168.1.0 255.255.255.0 behind the Firewall2.

I did some debug on FIREWALL2:

FIREWALL2#120: ICMP echo-request from outside:192.168.60.1 to 192.168.1.1 ID=1024 seq=26624 length=40

121: ICMP echo-request from outside:192.168.60.1 to 192.168.1.1 ID=1024 seq=26880 length=40

q122: ICMP echo-request from outside:192.168.60.1 to 192.168.1.1 ID=1024 seq=27136 length=40

q123: ICMP echo-request from outside:192.168.60.1 to 192.168.1.1 ID=1024 seq=27392 length=40

I don't understand why I have no reply from the remote Cisco VPN client.

8 REPLIES
Green

Re: i cannot ping or access remote network from the remote vpn c

You are currently only allowing echo-reply; you must allow echo for the ping from outside the PIX.

access-list outside_access_in permit icmp any any echo-reply

Add:

access-list outside_access_in permit icmp any any echo

Please rate helpful posts.

New Member

Re: i cannot ping or access remote network from the remote vpn c

I added your command access-list outside_access_in permit icmp any any echo on both firewalls... no success.

When I am trying to ping from the source of interface inside (192.168.1.1) to the remote Cisco VPN client (192.168.60.1), I get this message on FIREWALL2:

FIREWALL2# ping inside 192.168.60.1

68: ICMP echo request (len 32 id 9233 seq 0) 192.168.1.1 > 192.168.60.1

69: ICMP echo-reply from outside:192.168.60.1 to 192.168.1.1 ID=4388 seq=0 length=40

192.168.60.1 NO response received -- 1000ms

70: ICMP echo request (len 32 id 9233 seq 1) 192.168.1.1 > 192.168.60.1

71: ICMP echo-reply from outside:192.168.60.1 to 192.168.1.1 ID=4388 seq=1 length=40

192.168.60.1 NO response received -- 1000ms

72: ICMP echo request (len 32 id 9233 seq 2) 192.168.1.1 > 192.168.60.1

73: ICMP echo-reply from outside:192.168.60.1 to 192.168.1.1 ID=4388 seq=2 length=40

192.168.60.1 NO response received -- 1000ms

When I am trying to ping from the VPN client (192.168.60.1) to the interface inside (192.168.1.1) of the Firewall2, I get this message on the Firewall2:

FIREWALL2# 67: ICMP echo-request from outside:192.168.60.1 to 192.168.1.217 ID=1024 seq=3072 length=40

What do you suggest?

Green

Re: i cannot ping or access remote network from the remote vpn c

Didn't realize you were trying to ping the inside interface. To be able to ping the inside PIX interface from the VPN client, you have to add this to the PIX:

management-access inside

New Member

Re: i cannot ping or access remote network from the remote vpn c

Did not work.

I cannot ping or access the network 192.168.1.0/24 from 192.168.60.0 (VPN client users).

New Member

Re: i cannot ping or access remote network from the remote vpn c

I added the management-access inside

and it did not work, and also

I cannot ping or access the network 192.168.1.0/24 from 192.168.60.0 (VPN client users).

Green

Re: i cannot ping or access remote network from the remote vpn c

It appears you do not have a default route on PIX 2.

route outside 0.0.0.0 0.0.0.0 192.168.50.1

New Member

Re: i cannot ping or access remote network from the remote vpn c

I added the route; it does not work. Maybe it is a NAT issue or ACL issue.

Green

Re: i cannot ping or access remote network from the remote vpn c

Want to post the current configs?
