I have a 1841 router that travels (remote presentations) connecting to home ASA 5500 using EZVPN.

this problem started after moving the VPN from a 3000 concentrator to ASA5500

home network is 10.1.0.0

remote network is 192.168.224.0

problem is, traffic CAN pass between networks (able to connect to servers on home network),

but cannot ping between networks.

already have "crypto isakmp nat-traversal 60" in config

thought it may be NAT issue, but that shouldn't be issue as other traffic can pass

Possible ACL issue?

here's the (scrubbed) config of the ASA;

: Saved
:
ASA Version 8.2(1)
!

!
interface GigabitEthernet0/0
nameif Outside
security-level 0
ip address *
ospf cost 10
!
interface GigabitEthernet0/1
nameif Inside
security-level 100
ip address 10.1.254.1 255.255.255.248 standby 10.1.254.3
ospf cost 10

access-list outside extended permit icmp any any

access-list Inside_nat0_outbound extended permit ip any 10.1.252.0 255.255.255.0

access-list Inside_nat0_outbound extended permit ip any 192.168.224.0 255.255.255.0

ip local pool Remote_LAN 10.1.252.2-10.1.252.254 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside

nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 192.168.0.0 255.255.0.0

crypto isakmp nat-traversal 60

threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

group-policy WR_Remote internal
group-policy WR_Remote attributes
wins-server value 10.1.44.6 10.1.44.7
dns-server value 10.1.44.6 10.1.44.7
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_tunnel_ACL
default-domain value law.firm
split-dns value husch.com blackwellsanders.com law.firm huschblackwell.com blkwl.com welshkatz.com lan.welshkatz.com
nem enable

username WR_Remote password rWGBPD2An9YuOnhC encrypted privilege 0
username WR_Remote attributes
vpn-group-policy WR_Remote

tunnel-group WR_Remote type remote-access
tunnel-group WR_Remote general-attributes
address-pool Remote_LAN
default-group-policy WR_Remote
tunnel-group WR_Remote ipsec-attributes
pre-shared-key *

Here's the config for the 1481 Router:

Building configuration...

Current configuration : 7610 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname WR-RTR-2
!
boot-start-marker
boot-end-marker
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server

!
crypto ipsec client ezvpn WR_Remote
connect auto
group WR_Remote key wr_remote@2
mode network-extension
peer *
xauth userid mode interactive
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 192.168.224.254 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
crypto ipsec client ezvpn WR_Remote inside
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address dhcp
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
crypto ipsec client ezvpn WR_Remote
!
ip classless
!
!

access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for EzVPN (udp-10000) WR_Remote
access-list 101 permit udp host * any eq 10000
access-list 101 remark Auto generated by SDM for EzVPN (non500-isakmp) WR_Remote
access-list 101 permit udp host * any eq non500-isakmp
access-list 101 remark Auto generated by SDM for EzVPN (isakmp) WR_Remote
access-list 101 permit udp host * any eq isakmp
access-list 101 remark Auto generated by SDM for EzVPN (ahp) WR_Remote
access-list 101 permit esp host * any
access-list 101 remark Auto generated by SDM for EzVPN (esp) WR_Remote
access-list 101 permit ahp host * any
access-list 101 deny   ip 192.168.224.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
access-list 102 remark VTY access-class list
access-list 102 remark SDM_ACL Category=17
access-list 102 permit ip 192.168.224.0 0.0.0.255 any
access-list 102 permit ip 10.1.0.0 0.0.255.255 any
access-list 102 deny   ip any any
access-list 103 remark SDM_ACL Category=4
access-list 103 permit ip 10.11.0.0 0.0.255.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip host 10.11.10.0 any
access-list 105 remark SDM_ACL Category=4
access-list 105 permit ip 10.10.0.0 0.0.255.255 any
access-list 106 remark SDM_ACL Category=4
access-list 106 permit ip host 10.10.12.0 any
access-list 107 remark SDM_ACL Category=4
access-list 107 permit ip host 10.10.0.0 any
access-list 179 deny   ip 192.168.224.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 179 deny   ip 192.168.224.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 179 permit ip 192.168.224.0 0.0.0.255 any
!
route-map EZVPN permit 10
match ip address 179
!