Cisco Support Community
Community Member

Unable to access devices

My client has successfully VPNed into our domain. But he's unable to ping any devices on our network. Why?

6 REPLIES

Re: Unable to access devices

Hi,

What VPN device did you use, e.g. VPN3K, PIX, ASA?

For VPN3K, make sure your filter allows ICMP. For PIX/ASA, make sure you have an ACL permitting ICMP in your interesting traffic's ACL.

Check the routing as well (if related).

Rgds,

AK

Community Member

Re: Unable to access devices

Hi

We use VPN 3K; the filter allows ICMP. Our security appliance is a PIX 515E with 6.3(4) OS, which has an ACL permitting ICMP.

When the client VPNs in successfully, shouldn't the IP address of the PC change to that of our domain?

Gold

Re: Unable to access devices

On your PIX (in config mode) add:

isakmp nat-traversal

Save with: write mem

Hope this helps and pls rate post if it does.

Jay

Community Member

Re: Unable to access devices

Hi

Thanks, this works after I add isakmp nat-traversal.

Now we have another problem. We're currently setting up a test environment to simulate our production environment. The configurations on the test PIX are the same as production, except the IP addresses are different. To VPN into the test environment, we dial into the local ISP. When successfully in, we then VPN into the test network. We successfully VPN in, but we're unable to ping or access the devices on the test environment.

We have a PIX Firewall 515E version 6.3(5) and VPN Client 3K.

Please help.

thanks.

BERNIE

Re: Unable to access devices

Hi..

If you are able to authenticate but can't contact the devices inside your firewall, then there are 2 things you need to check.

1.- On your PIX, make sure you have

isakmp nat-traversal 20

sysopt connection permit-ipsec

2.- Make sure your internal devices know the way back to your VPN pool. They should be pointing back to your PIX internal interface.

3.- On your PIX, make sure traffic from VPN pool to/from inside hosts is not NATed.

nat (inside) 0 access-list No_NAT

access-list No_NAT permit ip x.x.x.x 255.255.255.0 y.y.y.y 255.255.255.0

where x.x.x.x is your internal hosts

y.y.y.y is your VPN pool

I hope it helps .. please rate it if it does !!!
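Added example, not part of the thread: a small offline checker that reads a saved PIX 6.3 configuration and reports which of the PIX-side items from the reply above are present. The function name, the sample config, the pool name `vpnpool` and all addresses are constructed for illustration, and the parser assumes ACL entries written in network/mask form as in the reply.

```python
import ipaddress
import re

# Constructed PIX 6.3-style config for illustration; addresses are made up.
SAMPLE_CONFIG = """\
ip local pool vpnpool 10.99.0.1-10.99.0.254
access-list No_NAT permit ip 192.168.1.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list No_NAT
isakmp nat-traversal 20
"""


def check_vpn_config(config):
    """Return {check name: bool} for the PIX-side items in the reply above.

    Item 2 (inside hosts routing the VPN pool back to the PIX inside
    interface) lives on other devices and cannot be seen in this config.
    """
    lines = [l.strip() for l in config.splitlines()]
    results = {
        "nat_traversal": any(re.match(r"isakmp nat-traversal\b", l) for l in lines),
        "permit_ipsec": "sysopt connection permit-ipsec" in lines,
    }
    # Start and end address of every 'ip local pool' range given to clients.
    pool_addrs = []
    for l in lines:
        m = re.match(r"ip local pool \S+ ([\d.]+)-([\d.]+)", l)
        if m:
            pool_addrs += [ipaddress.ip_address(a) for a in m.groups()]
    # ACL names bound to NAT id 0 (NAT exemption) on the inside interface.
    exempt_acls = {m.group(1) for l in lines
                   if (m := re.match(r"nat \(inside\) 0 access-list (\S+)", l))}
    # Destination networks of 'permit ip <net> <mask> <net> <mask>' entries.
    dests = []
    for l in lines:
        m = re.match(r"access-list (\S+) permit ip \S+ \S+ (\S+) (\S+)$", l)
        if m and m.group(1) in exempt_acls:
            dests.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False))
    # The whole pool must fall inside some exempted destination network.
    results["pool_nat_exempt"] = bool(pool_addrs) and all(
        any(a in d for d in dests) for a in pool_addrs)
    return results


if __name__ == "__main__":
    for name, ok in check_vpn_config(SAMPLE_CONFIG).items():
        print(f"{name}: {'ok' if ok else 'MISSING'}")
```

On the constructed sample this flags the missing `sysopt connection permit-ipsec` line while passing the other two checks.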

Community Member

Re: Unable to access devices

Hi there

I've done all the steps you advised but I'm unable to access the device after successful VPN.

What do I do now?
