Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
593
Views
0
Helpful
1
Replies

Software "VPN Client" tunnel to ASA established but cannot ping.

JonCommins
Level 1
Level 1

‎01-09-2014 02:56 PM

Sorry, I accidentally marked my last post "answered" prematurely.

Anyway, here is my network:

vpn-client-diagram-2.fw.png

I have successfully connected to the inside network of the ASA via a software "VPN Client" tunnel and obtained an IP address of 10.45.99.100/16.

I'm trying to ping 10.45.7.2 from the outside 10.45.99.100, but the ping fails (request timed out).

Here's my current config:

http://pastebin.com/raw.php?i=2KNrqs2n

With "logging console information" set, I see that the pings are taking place...

SALMONARM(config)# logging console informational

SALMONARM(config)# %ASA-5-111008: User 'enable_15' executed the 'logging console informational' command.

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302020: Built inbound ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302020: Built inbound ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302020: Built inbound ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302020: Built inbound ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302020: Built inbound ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302020: Built inbound ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302020: Built inbound ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

%ASA-6-302021: Teardown ICMP connection for faddr 10.45.99.100/1 gaddr 10.45.7.2/0 laddr 10.45.7.2/0 (david)

With "logging console debug" set, I don't see any ICMP requests being dropped.

Why are these pings not going through successfully?

Labels:
0 Helpful
1 Reply 1

JonCommins
Level 1
Level 1

‎01-09-2014 03:34 PM

Nevermind. The pings were not going through because the firewall, of the Window XP machine I was trying to ping, was blocking it.

Now if only I could mark this thread "answered"...

0 Helpful
Customers Also Viewed These Support Documents