Solved: Re: Can't Ping across remote access VPN

peteroddan · ‎11-02-2005

Hi Everyone,

I hope I've posted this in the right place !

I'm a bit new to Cisco IOS, so please forgive me if I'm asking a stupid question !

We have a PIX 515E firewall 6.3(4)on which I've used the VPN wizard to set up a remote access VPN for the Cisco VPN client on the outside interface.

When I connect from home on my WinXP Pro SP2 laptop running Cisco VPN Client 4.0.5(C) I seem to be able to connect to most network resources (i.e file shares, I can RDP into servers etc) but I can't seem to be able to ping anything - I just get request times out.

I'm sure it's something stupid I've done (or not done).

I've attached my config, and would be grateful if anyone could take a look and point me in the right direction.

Thanks in advance for your help,

Peter.

ciscocsoc · ‎11-03-2005

Hi Peter,

You need to add a line to the access-list inside_access_in:

enable

conf t

access-list inside_access_in permit icmp any any

exit

write mem

Kind Regards

Cathy

View solution in original post

ciscocsoc · ‎11-02-2005

Hi Peter,

It isn't immediately obvious which of the ACLs you are using for your remote clients, but the problem might lie with not allowing ICMP echo-reply back out.

Prior to PIX 7 there is no ICMP inspection engine, so you need to explicitly allow return traffic.

HTH

Cathy

peteroddan · ‎11-02-2005

Hi Cathy,

Thanks very much for your reply.

What you've said sort of makes sense to me !(as I said, I'm relatively new to Cisco), but I'm not entirely sure how to implement it !

Can you tell me where I would need to go in the SDM to enable this for my VPN, or what command I would use at the command line ?

Thanks,

Peter.

ciscocsoc · ‎11-03-2005

Hi Peter,

You need to add a line to the access-list inside_access_in:

enable

conf t

access-list inside_access_in permit icmp any any

exit

write mem

Kind Regards

Cathy

peteroddan · ‎11-03-2005

Hi Cathy,

Thanks very much - that worked great !

Cheers,

Peter.