Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
4
Replies

Cant PING servers on the remote LAN form a VPN Client

Tebogo Langa
Level 1
Level 1

‎07-30-2008 02:04 AM - edited ‎03-11-2019 06:22 AM

I cant ping anything on the inside interface of a pix 515 from a VPN client.

Labels:
0 Helpful
4 Replies 4

Olivier Jessel
Level 1
Level 1

‎07-30-2008 02:09 AM

Hi,

Have you checked you have correct ACL for traffic from VPN pool to inside subnet, and correct (No-)NAT entries in both way?

More, the split-tunneling ACL is matching your inside subnet and your vpn pool ?

CCIE #44658
0 Helpful

Tebogo Langa
Level 1
Level 1
In response to Olivier Jessel

‎07-30-2008 02:54 AM

This is what I have done so far.I can connect to the pix but I cant ping the inside hosts.I dont need split tunneling.

access-list client-vpn permit ip 172.16.48.0 255.255.255.248 17.1.1.0 255.255.255.240

ip local pool client-vpn-pool 17.1.1.1-17.1.1.14

nat (inside) 0 access-list client-vpn

0 Helpful

jmia
Level 7
Level 7

‎07-30-2008 02:44 AM

Hello Michael,

You need to enable NAT Traversal on your PIX for ISAKMP i.e. in config mode...

isakmp nat-traversal

Save with wr m

Hope this helps and please rate posts.

0 Helpful

Tebogo Langa
Level 1
Level 1
In response to jmia

‎07-30-2008 03:02 AM

i am runnning ver 6.1(3).The firewall doesnt want to take that command.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card