Solved: ASA VPN cannot ping local ip pool

keithannette · ‎11-23-2010

Hi,

We have an ASA 5510 device which has be deployed for some time. Everything works great except local VPN clients cannot ping local VPN clients which get their ip address from the local pool. They can ping anywhere on the local corporate network but not each other. I'm sure there is a logical explantion for this due to an ACL but any advice appreciated....

Thanks in advance

Keith

Federico Coto Fajardo · ‎11-23-2010

Hi Keith,

I think that in order to allow a VPN client to reach another VPN client, the ASA should u-turn the VPN traffic (because it will be receiving traffic from a VPN tunnel and re-sending it again through another tunnel.

Can you add ''same-security-traffic permit intra-interface'' and try again?

Federico.

View solution in original post

Federico Coto Fajardo · ‎11-23-2010

Hi Keith,

I think that in order to allow a VPN client to reach another VPN client, the ASA should u-turn the VPN traffic (because it will be receiving traffic from a VPN tunnel and re-sending it again through another tunnel.

Can you add ''same-security-traffic permit intra-interface'' and try again?

Federico.

keithannette · ‎11-24-2010

Federico,

That worked perfectly. Many thanks for you help

Keith

ASA VPN cannot ping local ip pool

XE SD-WAN: WAN インタフェースの IP アドレスに ping すると NAT pool の IP アドレスに変換されてしまう

ASAでのVPN local pool addressの割振り順に関して

ASA/FTD: VPN Load Balancing の設定と確認例

ISEを用いたAD連携による、ASAでのVPN認証（Cisco Secure Client）の設定方法について

ACI: VLAN Pool を設定する際の注意点