Re: Remote VPN Client cannot ping the LAN resources

r-docuyanan · ‎10-30-2007

Hi

I got a Cisco VPN Client Initiating a VPN connection behind an ASA Firewall(8.0.2) to a PIX (7.0) across the internet , the VPN is establish with IP but cannot ping the resources behind the PIX.

With the VPN client behind any internet cafe/starbucks, its able to establish and ping the resources behind the PIX.

Any suggestiongs?

Patrick.Beaven · ‎10-31-2007

If youre ASA has the IPS module installed it could be the global inspection policy.

You could troubleshoot it bye either removing the global inspection policy or adding.

Policy-map global_policy

class inspection_default

inpect ipsec-pass-thru

exit

This information was given to me in this forum and it fixed the issue.

romeocz · ‎10-31-2007

Try this

crypto isakmp nat-traversal

r-docuyanan · ‎10-31-2007

Hi Romeo,

I tried it but it still doesnt work.

r-docuyanan · ‎10-31-2007

Hi After checking the logs here is what i found

After checking on the log i found like following error

3 Nov 01 2007 12:07:24 305006 22X.255.66.X regular translation creation failed for protocol 50 src inside:10.10.10.160 dst outside:222.255.66.230

htaluja_2 · ‎11-04-2007

Looks like the return traffic is NATTed on the way back. Make sure you have a nat 0 access list with source ip as your lan addresses and destination ips as your vpn client ip pool. Hope this helps.