Register now or log in to join your professional community.
An IPSec remote access client has initiated a VPN connection to a Cisco ASA successfully. However, when the remote user tried to ping a server in the corporate site, the user didn't get any response. Note that the server can send replies successfully internally and to other WAN sites.
please check gre protocol does it allow by ASP
This can be related to many issues:
1-check NAT exempt configuration.
2- if splite tunnel is configured is the server IP in the splite tunnel configuration.
3-server or any layer three devices in the path (between the fire LAN interface and the server) should know a route the VPN clients pool
you can verify this simply using capture on the ASA LAN interface
4-access-group applied on the LAN interface or devices in the path.
5-Check ASP captures on the ASA during the test, is there any drops related to traffic between VPN client IP and server IP.
hope this helps.
Best regards,
Rami Haddad
CCIE security #35629