12-01-2003 12:12 AM
Hi,
I have a PIX firewall with stateful failover.
I have configured the PIX for VPN client 3.0. The user is getting authenticated by the RADIUS server, but I am unable to ping the inside network. (This is a directly connected subnet.) I have checked all routes as well.
Can anybody suggest why the VPN client workstation is not able to ping the inside network?
Regards,
Sunil
12-01-2003 12:21 AM
Hi,
Did you write the ACL to permit that traffic? By default, PIX doesn't permit any traffic from outside or DMZ to inside. Can you send your configuration?
12-01-2003 12:37 AM
Yes, the ACL is in place.
Regards,
Sunil
12-01-2003 12:48 AM
Did you permit the VPN client's IP address in the ACL, or did you use a downloadable ACL from RADIUS? Or maybe ICMP is not permitted in your ACL (I made the same mistake before ;).
12-01-2003 01:34 AM
Yes, I have permitted the VPN client's IP address in the ACL. ICMP and IP are permitted.
One more thing... once I get connected I see transport tunneling: "Inactive" in the VPN client connection status.
01-14-2004 02:23 AM
Sunilyk, did you ever manage to get this working? I have the exact same problem - the config looks OK and the client authenticates and gets allocated an address but then cannot connect. Any help would be much appreciated.
01-14-2004 03:14 AM
Hi -
Have got: nat (inside) 0 access-list
Thanks -