Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
964
Views
0
Helpful
1
Replies

Can ping over VPN, but nothing else

kenmerenda
Level 1
Level 1

‎11-16-2009 03:30 PM - edited ‎02-21-2020 03:48 AM

I have a site to site VPN with a cisco ASA 5505 on one end, and a cisco 2801 on the other. I have a vpn established, and I can ping from the network on the 2801 side to the network on the 5505 but clients on the 5505 side cannot ping back clients on the network with the 2801. Its like packs from the 2801 go to the 5505 using the VPN, but then try to come back using a different route?

0 Helpful
1 Reply 1

mopaul
Cisco Employee
Cisco Employee

‎11-16-2009 05:29 PM

Hi,

Host behind the router can ping the network behind the ASA5505, from ASA5505 you can't reach the router, please feel free to correct me if wrong.

Can you make sure when you run a continuous ping from ASA to the network behind router, do you see encrypts growing in numbers [execute the command show crypto ipsec sa peer " public ip address of router" to see the encrypts/decrypts] .

I want to make sure that the traffic is not going in some other tunnel when initiated from ASA.

Also, make sure you have NAT 0 statement correct on ASA , if exempting the traffic from NAT.

Can you please share the configuration from both ASA and router so that i can make sure basic configuration is in place?

Regards

M

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card