Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
595
Views
0
Helpful
1
Replies

allowing icmp through vpn

carl_townshend
Spotlight
Spotlight

‎10-04-2007 12:14 PM - edited ‎03-05-2019 06:53 PM

Hi all, I have just been told I need to edit something called the sysopt command for this to work? can anyone tel me what sysop is and used for ?

Labels:
0 Helpful
1 Reply 1

amritpatek
Level 6
Level 6

‎10-10-2007 12:22 PM

The command you are looking for is "sysopt connection permit-ipsec". What's unusual about this command is that it does not automatically allow icmp packets to come through across an ipsec tunnel. We must specifically permit that. Here's how to do it. The addresses mentioned below are just as an example:

lan behind the pix: 192.168.1.0 255.255.255.0

lan behind the remote site: 172.16.99.0 255.255.255.0

access-list outside permit icmp 172.16.99.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group outside in interface outside

If you wanted to permit icmp from any outside address, you could write that list like this:

access-list outside permit icmp any any

0 Helpful
Customers Also Viewed These Support Documents