Solved: Unable to ping SSL vpn users

newtwork1 · ‎06-01-2011

I've setup several ASA's with Anyconnect based SSL VPNs, but I've never been able to ping an IP address that has been assigned to the remoted in user. Should I be able to ping the remoted in user? Do I need to configure anything in group policy or user attributes to enable this?

Newt

Gustavo Medina · ‎06-01-2011

Newt,

Absolutely, you will be able to ping the RA client when he/she connects, if the client is able to ping your internal resources but the connection does not work the other way then most likely the firewall of the RA client is blocking those packets. Most of the software firewalls including the Windows Firewall drop unsolicited incoming traffic that does not correspond to either traffic sent in response to a request of the computer (solicited traffic) or unsolicited traffic that has been specified as allowed (excepted traffic).

Regards.

View solution in original post

Gustavo Medina · ‎06-01-2011

Newt,

Absolutely, you will be able to ping the RA client when he/she connects, if the client is able to ping your internal resources but the connection does not work the other way then most likely the firewall of the RA client is blocking those packets. Most of the software firewalls including the Windows Firewall drop unsolicited incoming traffic that does not correspond to either traffic sent in response to a request of the computer (solicited traffic) or unsolicited traffic that has been specified as allowed (excepted traffic).

Regards.