Welcome to Cisco Firewalls Community


Beginner

ASA 5505 l2l to ASA5505 VPN pinging issue.

I have an ASA5505 to ASA5505 L2L tunnel up and running with no problem.  One side has network 192.168.1.x and the other side has 192.168.2.x.

My issue is that I can ping from the 192.168.2.x to the 192.168.1.x with no problem.  However, I can't ping from 192.168.1.x to 192.168.2.x.

Here is the config with packet tracer:

I am getting an acl-drop:


5 REPLIES
Mentor

Hi,

You are using the wrong source address in the "packet-tracer" command.

You are using as a source address an IP address that's located at the remote site, not an IP address of the local site.

- Jouni

Beginner

Yes you are correct....

I made the adjustment and the packet tracer goes through, but I can't figure out why I can't ping.

Any ideas?

Mentor (accepted solution)

Hi,

Do both ASAs have ICMP inspection enabled?

By default it should be possible to enable it using

fixup protocol icmp

Make sure that neither ASA has the following setting enabled

no sysopt connection permit-vpn

If it is enabled, then you will have to open the ICMP traffic on the "outside" ACL.

There aren't really many things on the ASA itself that should block ICMP.

- Jouni
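
As an added illustration of the checks in the reply above (not code from the thread or from Cisco): a small Python audit over a saved running-config that looks for the two conditions the reply names. The sample config, the ACL name `outside_in` and the finding labels are constructed for the example; it also accepts `inspect icmp`, the policy-map form of the legacy `fixup protocol icmp` command.

```python
import re

# Constructed sample running-config (not from the thread); ACL name is an assumption.
SAMPLE_CONFIG = """\
access-list outside_in extended permit tcp any host 192.168.1.10 eq 3389
access-group outside_in in interface outside
no sysopt connection permit-vpn
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
"""

def audit_vpn_icmp(config: str, outside_if: str = "outside") -> list[str]:
    """Return findings that could explain ICMP failing across an L2L tunnel."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # ICMP inspection: 'inspect icmp' or the legacy 'fixup protocol icmp'.
    if not any(re.fullmatch(r"inspect icmp|fixup protocol icmp", ln) for ln in lines):
        findings.append("icmp-inspection-missing")

    # With 'no sysopt connection permit-vpn', decrypted VPN traffic is checked
    # against the interface ACL instead of bypassing it.
    if "no sysopt connection permit-vpn" in lines:
        findings.append("vpn-acl-bypass-disabled")
        # Find the ACL bound inbound on the outside interface, if any.
        bind = rf"access-group (\S+) in interface {re.escape(outside_if)}"
        acl = next((m.group(1) for ln in lines if (m := re.fullmatch(bind, ln))), None)
        # Coarse check: any 'permit icmp' or 'permit ip' entry in that ACL.
        # It does not verify that the entry covers the tunnel's subnets.
        permits_icmp = acl is not None and any(
            re.match(rf"access-list {re.escape(acl)} extended permit (icmp|ip) ", ln)
            for ln in lines)
        if not permits_icmp:
            findings.append("outside-acl-blocks-icmp")
    return findings

if __name__ == "__main__":
    for finding in audit_vpn_icmp(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of `show running-config` from each ASA; an empty result means neither condition from the reply is present in that config.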


Beginner

I added fixup protocol icmp

Still no luck.

I am not able to RDP.

Beginner

I am able to RDP....

We are all good now.