Search this Blog

Wednesday, December 2, 2009

VPN user authenticated but cannot ping inside interface


We currently have a pair of PIX 515e's that are being replaced. We have the ASA here in the office and we are trying to get as much configuration done as possible before we move it into production. At the office we are behind a cable modem and the IP of that device is set as the the default route in our ASA when we do our testing.

When it's time to test we connect the cable modem to the outside interface and our laptop to the inside interface and begin testing.

We authenticate and connect with the VPN client and we can ping our laptop that we have connected directly to the inside interface on the ASA but we are unable to ping the inside interface. The log shows a build-up and and tear-down of the ICMP requests but we still get no response on the vpn client side. It seems like the traffic isn't making it back out to the VPN tunnel.

Configure "management-access inside" then you can access/ping the inside interface over a vpn tunnel.

Without this command you can only access the inside interface from the inside.

Apart from ping this will also enable you to telnet to the inside interface over the tunnel, and use ASDM.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

1 comment :

 
/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */