04-13-2010 12:40 PM
Hi all.
I have a site-to-site IPSEC VPN running between a 5510 (HQ) and 5505 (Remote). All is working on the tunnel. Crypto maps and ACLs are symmetrical. I see the tunnel is up for the required subnets. However, I cannot ping from internal subnets inside 5510 to remote LAN inside 5505 and vice-versa. I have other VPN spokes to 5510 where I can ping inside x.x.x.x from remote LAN with success. Can't figure out what I am missing. I can ping internet items but cannot ping HQ.
Any suggestions?
Also, I am now learning the ASAs so I am not an expert. I do know that I am allowing ICMP from outside. Both my NONAT statement and crypto map are running off the same object group that lists the HQ subnets.
Thanks in advance.
04-13-2010 12:44 PM
Hi,
Enable on both sides access to the inside interface via VPN with the command:
management-access inside
Then, try to PING from the ASA to the other ASA's inside IP address, like this:
ping inside x.x.x.x
If it works, then check the internal subnet has a route pointing to the ASA for the interesting traffic.
Federico.
04-13-2010 12:50 PM
Also to add... I can ping all 5510 inside subnets from clients on the 5505 LAN. Just can't from the 5505 itself via the ping inside x.x.x.x command.
I also can't ping the remote 5505 LAN from anywhere inside the 5510.
Makes sense?
04-13-2010 12:55 PM
The 5505 is missing the command:
management-access inside
Federico.
04-13-2010 12:58 PM
You the man Federico!
Thanks for the quick reply!
That worked!!!