VPN ping / Communication host to host

Murray Bown
Level 1

Hello Guys,

ASA 5510

Ver 8.2(5)

I have been looking all over the place for the answer to how to allow clients on an IPSEC VPN to ping from host to host. I know I have seen it in the config someplace but I just can't find it now.

Any help is greatly appreciated.

Murray

4 Replies

rizwanr74
Level 7

"IPSEC VPN to ping from host to host."

Please explain more: pinging host to host between remote-access VPN (RA) clients, or between an RA client and the remote VPN site?

thanks

Hi Rizwan,

What I am trying to say is, how can peers on remote access VPN communicate with each other.

Murray

OK, let me recap what you have said, i.e. you want remote-access VPN clients to communicate with each other.

Let's assume you have two VPN pools as shown below.

ip local pool RA_POOL-ONE 10.10.1.1-10.10.1.254 mask 255.255.255.0

ip local pool RA_POOL-TWO 10.10.2.1-10.10.2.254 mask 255.255.255.0

Now create an ACL as shown below.

access-list outside-nonat extended permit ip 10.10.1.0 255.255.255.0 10.10.1.0 255.255.255.0

access-list outside-nonat extended permit ip 10.10.1.0 255.255.255.0 10.10.2.0 255.255.255.0

access-list outside-nonat extended permit ip 10.10.2.0 255.255.255.0 10.10.2.0 255.255.255.0

access-list outside-nonat extended permit ip 10.10.2.0 255.255.255.0 10.10.1.0 255.255.255.0

Now apply the ACL on the outside interface.

nat (outside) 0 access-list outside-nonat

Now this will give remote vpn-clients communication between them.

Hope that answers your question.

thanks

Rizwan Rafeek
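
An added example, not part of the thread: a small Python audit that reads a saved ASA 8.2 configuration and reports which VPN pool pairs are covered by the NAT-exemption ACL bound to the outside interface, so the client-to-client reachability can be reviewed before and after the change. The function name `audit_hairpin` and the sample are constructed here; it handles only network/mask ACL entries like those in the post, and it also reports whether `same-security-traffic permit intra-interface` is present, the ASA setting that lets traffic leave by the interface it arrived on (a check added here, not taken from the thread).

```python
import ipaddress
import re

# Constructed sample: the pools, ACL and NAT line from the post above, with the
# last ACL entry (POOL-TWO to POOL-ONE) left out to show a one-way gap.
SAMPLE_CONFIG = """\
ip local pool RA_POOL-ONE 10.10.1.1-10.10.1.254 mask 255.255.255.0
ip local pool RA_POOL-TWO 10.10.2.1-10.10.2.254 mask 255.255.255.0
access-list outside-nonat extended permit ip 10.10.1.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list outside-nonat extended permit ip 10.10.1.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list outside-nonat extended permit ip 10.10.2.0 255.255.255.0 10.10.2.0 255.255.255.0
nat (outside) 0 access-list outside-nonat
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+) mask (\S+)$", re.M)
NAT_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$", re.M)
ACE_RE = r"^access-list {} extended permit ip (\S+) (\S+) (\S+) (\S+)$"
INTRA_RE = re.compile(r"^same-security-traffic permit intra-interface$", re.M)


def audit_hairpin(config, interface="outside"):
    """Report pool-to-pool coverage of the NAT-exemption ACL on `interface`."""
    # Derive each pool's network from its first address and mask.
    pools = {name: ipaddress.ip_network(f"{first}/{mask}", strict=False)
             for name, first, _last, mask in POOL_RE.findall(config)}
    # Find the ACL referenced by "nat (<interface>) 0 access-list ...".
    acl = next((a for i, a in NAT_RE.findall(config) if i == interface), None)
    aces = []
    if acl:
        pattern = ACE_RE.format(re.escape(acl))
        for s, sm, d, dm in re.findall(pattern, config, re.M):
            aces.append((ipaddress.ip_network(f"{s}/{sm}"),
                         ipaddress.ip_network(f"{d}/{dm}")))
    allowed, missing = [], []
    for src, snet in pools.items():
        for dst, dnet in pools.items():
            # A direction is covered when one entry contains both pools.
            hit = any(snet.subnet_of(s) and dnet.subnet_of(d) for s, d in aces)
            (allowed if hit else missing).append((src, dst))
    return {"acl": acl, "allowed": allowed, "missing": missing,
            "intra_interface": bool(INTRA_RE.search(config))}


if __name__ == "__main__":
    for key, value in audit_hairpin(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
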

rizwanr74
Level 7

Please rate helpful posts.

thanks