06-14-2015 08:15 AM
I am new to Cisco firewalls and keen to learn, and for that reason I bought an ASA5505. I have been following guides to do the basic setup and a basic VPN connection, but once the VPN tunnel is established I can't ping any local resources, just the outside ASA interface IP address.
I used the below video for the basic configuration.
How to Setup a New Cisco ASA 5505
https://www.youtube.com/watch?v=hdgFBfs6xu4
I have run through both of the tutorials below to set up a VPN, but neither worked. From research I learned about the command "sysopt connection permit-vpn" to allow the traffic to bypass interface access lists, but it didn't help either.
Cisco ASA - Remote Access VPN (IPSec)
https://www.youtube.com/watch?v=ff6r_ti3lr4
Cisco ASA 5500 Client To Site VPN
https://www.youtube.com/watch?v=-cKXOlKlyRQ
I have configured the ASA from the factory default configuration many times, trying different things, and have attached my latest attempt. I believe the issue is due to the ASA treating the VPN subnet as an outside address and blocking local access. I attempted to add ACLs to permit access, but they had no effect. I would really appreciate some pointers on why I can't access a local server\PC or ping them when connected through the VPN.
06-14-2015 09:13 AM
Hi,
Try enabling ICMP inspection:
fixup protocol icmp
If that does not help, enable logging on the ASA and check the logs while sending traffic; that will give a clue about the traffic drop.
logging enable
show logging buffer
Also note the IPsec VPN client is only supported up to Windows 7.
HTH
Abaji.
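One way to triage the buffer output the reply above suggests collecting, as an added example that is not part of the original thread: it counts the drop messages whose source address falls inside the VPN client pool, grouped by syslog ID. The sample log lines, the 192.168.50.0/24 pool, the host addresses and the ACL name are constructed assumptions; the message IDs are standard ASA syslog IDs.

```python
import ipaddress
import re
from collections import Counter

# Syslog IDs that record a dropped flow, with the cause the message itself states.
DROP_REASONS = {
    "106023": "denied by an access-group (interface ACL)",
    "305005": "no translation group found (no NAT rule matched the flow)",
    "305013": "asymmetric NAT rules (NAT reverse path failure)",
}
MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")
SRC = re.compile(r"src [^:\s]+:(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample of ASA log buffer output (addresses and ACL name are made up).
SAMPLE_LOG = """\
%ASA-6-302020: Built inbound ICMP connection for faddr 192.168.50.10/1 gaddr 192.168.1.20/0 laddr 192.168.1.20/0
%ASA-3-305005: No translation group found for icmp src outside:192.168.50.10 dst inside:192.168.1.20 (type 8, code 0)
%ASA-3-305005: No translation group found for icmp src outside:192.168.50.10 dst inside:192.168.1.30 (type 8, code 0)
%ASA-4-106023: Deny icmp src outside:192.168.50.10 dst inside:192.168.1.20 (type 8, code 0) by access-group "outside_access_in" [0x0, 0x0]
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.50.10 dst inside:192.168.1.20 (type 8, code 0) denied due to NAT reverse path failure
%ASA-4-106023: Deny tcp src outside:203.0.113.7/51000 dst inside:192.168.1.20/445 by access-group "outside_access_in" [0x0, 0x0]
"""

def triage(log_text, vpn_pool):
    """Count drop messages whose source address lies in the VPN client pool."""
    pool = ipaddress.ip_network(vpn_pool)
    counts = Counter()
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m or m.group(1) not in DROP_REASONS:
            continue  # not an ASA syslog line, or not a drop we classify
        src = SRC.search(m.group(2))
        if src and ipaddress.ip_address(src.group(1)) in pool:
            counts[m.group(1)] += 1
    return counts

if __name__ == "__main__":
    for msg_id, n in triage(SAMPLE_LOG, "192.168.50.0/24").most_common():
        print(f"{n:3d}  %ASA-{msg_id}  {DROP_REASONS[msg_id]}")
```

The ID with the highest count points at where to look first: an interface ACL for 106023, or the NAT rules for 305005 and 305013.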