Ping, Telnet and Https to ASA 842 from VPN

Annibale Uberti Foppa · ‎07-08-2011

Hi, from the last firmware 8.4.2 with asdm 6.4.5 I have a problem on ASA5505 to pinging the inside of asa and to accessing in telnet or https through a VPN tunnel: the ASA doesn't respond to ping, telnet and https on the inside interface. I can pinging and accessing to it only from the lan ip on the inside interface. Here the configuration:

interface Vlan1
ip address 10.10.30.254 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any source-quench
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any time-exceeded
access-group outside_access_in in interface outside
object network Lan_inside
subnet 10.10.30.0 255.255.255.0
object network Networking
subnet 10.0.1.0 255.255.255.240
ip local pool Networking 10.0.1.1-10.0.1.10 mask 255.255.255.0
nat (inside,outside) source static Lan_inside Lan_inside destination static Networking Networking
management-access inside
telnet 10.10.30.0 255.255.255.0 inside
telnet 10.0.1.0 255.255.255.0 inside
http server enable
http 10.10.30.0 255.255.255.0 inside
http 10.0.1.0 255.255.255.0 inside

Thank you and sorry for my bad english...

Hubert7

Nicolas Fournier · ‎07-08-2011

Hi Hubert7,

It seems that you are hitting the following bug:

CSCtr16184 To-the-box traffic fails for vpn clients after upgrade to 8.4.2.

You can have a look at it's description from the following link:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr16184

It seems to be fixed but the integrated version is not released yet so you can downgrade to 8(4.1) or simply for the fixed version to be released.

Regards,

Nicolas