Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
4
Replies

ASA VPN client problem

alex goshtaei
Level 1
Level 1

‎08-25-2010 12:40 PM - edited ‎03-11-2019 11:30 AM

Hi All,

we have setup VPN client, it is working fine but I can't ping some host inside the network. all hosts inside LAN are using the same default gateway, but some of them are not accessible by VPN client. any suggestion would be very appreciated.

thanks

Alex

Labels:
0 Helpful
4 Replies 4

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎08-25-2010 01:37 PM

Hi,

These are the steps that I would follow:

1. Check the VPN tunnel establishes correctly ''sh cry isa sa''

2. Check traffic flows through the tunnel ''sh cry ips sa''

If the tunnel is fine, check you have the following commands:

management-access inside

sysopt connection permit-vpn

crypto isakmp nat-t

If you can access some hosts and some don't, check that the ASA is not doing any VPN filtering.

Federico.

0 Helpful

lawchung
Cisco Employee
Cisco Employee

‎08-25-2010 03:56 PM

Check to see if you can ping the host from an internal computer first because it might just have a firewall app block it like Windows firewall.

0 Helpful

alex goshtaei
Level 1
Level 1
In response to lawchung

‎08-25-2010 04:50 PM

yes, I can ping from inside to those hosts but from VPN client.

thanks

Alex

0 Helpful

praprama
Cisco Employee
Cisco Employee
In response to alex goshtaei

‎08-25-2010 06:16 PM

Hi Alex,

Please apply captures on the ASA's LAN facing interface. We can see if packets are leaving the ASA and if they are, if replies are reaching back the ASA:

https://supportforums.cisco.com/docs/DOC-1222

Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card