
I have a client who uses a 506e with the cleint 4.02 for the remote VPN Cisco.
CANNOT PING ASA THROUGH EASYVPN SOFTWARE
If you run a 8.3 software or newer on the SAA, should also look at the configuration 'nat' IF the above command solves your problem You must have the 'inside access management' command configured on the SAA. I need to access the remote location ASDM. I have a scenario with tunel VPN between a router and ASA and can ping subnet behind ASA subnet behind the router (and), but I cannot ping the ASA inside the interface on the VPN tunnel. 10.10.10.254 NAT (outdoors, outdoor)ĭestination NAT (outdoors, outdoor) SITE-B 10.10.10.254 dynamic sourceĬannot ping ASA inside the interface via VPN Say, this IP (10.10.10.254) is unused IP to the central office, allowed to access remote tunnel 'A' and 'B' of the site.ĭynamic source destination SITE-a. You need dynamic nat (for available IP addresses) for the two side to every subset of remote access to the other side remote subnet and so they can access every other subnet as if both from the traffic from your central location. Group Policy: Group remote CONTROL-NETEXTENSION Tunnel: remote CONTROL-NETEXTENSION IPSec-attributes tunnel-group to DISTANCE-NETEXTENSION Group Policy - by default-remote CONTROL-NETEXTENSION Global DISTANCE-NETEXTENSION-attributes tunnel-groupĪuthentication-server-group (inside) LOCAL Remote access of type tunnel-group to DISTANCE-NETEXTENSION Split-tunnel-network-list value REMOTE-NET2 Remote CONTROL-NETEXTENSION group policy attributes Internal strategy group to DISTANCE-NETEXTENSION *.56.250Ĭard crypto VPN-card 50 set transform-set AES-256-SHA ikev1 HOLT-VPN-ACL extended access-list allow ip object-CBO-NET object group SITE-a.ĭestination SITE-a NAT (outside, outside) static source SITE - a static SITE to SITE-B-BĪddress for correspondence card crypto VPN-card 50 HOLT-VPN-ACLĬard crypto VPN-card 50 peers set *. Object-network 192.168.46.0 255.255.255.0Įxtended OUTSIDE allowed a whole icmp access list

Permit same-security-traffic intra-interface Permit same-security-traffic inter-interface I can ping from central office for two remote sites, but I cannot ping between these two vpn sites? Tried to debug icmp, I can see the icmp side did reach central office but then disappeared! do not send B next? Help, please. Vpn l2l site A, site B is extension vpn network, connect to the same vpn device 5510 to the central office and work well.
