Re: EzVPN working in just single way

Don't try to ping the ASA IP itself, try to ping any other server on the
inside.

On Sun, Aug 30, 2009 at 1:51 PM, CCIE <ccie_at_axizo.com> wrote:

> Dear Joseph,
> I verified all of these, and if you don't mind please have a look at what I
> have:-
>
> ciscoasa# show run nat
> nat (inside) 0 access-list inside_nat0_outbound
>
> ciscoasa# show run access-list inside_nat0_outbound
> access-list inside_nat0_outbound extended permit ip any 192.168.150.0
> 255.255.255.0
>
> ciscoasa# sho run ip local pool
> ip local pool bank 192.168.150.20-192.168.150.30 mask 255.255.255.0
>
> MY pc got the IP 192.168.150.20, I can't ping the inside interface of the
> ASA,,,, while I can see it arrive to the ASA using show crypo ipsec sa...
>
> Anyone from the inside can ping me.
>
>
> Regards,
> Amin
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Joseph L. Brunner
> Sent: Sunday, August 30, 2009 1:26 PM
> To: CCIE; ccielab_at_groupstudy.com
> Subject: RE: EzVPN working in just single way
>
> Please confirm acl's on the asa inside or other interface facing the
> resources.
> Please confirm nat is not occurring for your pool address.
> Please confirm internal network knows how to get back to the ASA pool
> address your leasing.
>
> Please post the results of
>
> Show run nat
> Show access-list
> Show run access-group
>
> From any internal routers
>
> Post the result of "show ip route <pool ip>
>
> Thanks,
>
> Joe
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> CCIE
> Sent: Sunday, August 30, 2009 6:17 AM
> To: ccielab_at_groupstudy.com
> Subject: EzVPN working in just single way
>
> Hi experts,
>
>
>
> I have setup and EzVPN between ASA and VPN client software, the VPN client
> can connect and establish a VPN session with the VPN server, the devices
> behind the VPN server can ping and access any resources on my PC, but I
> still can't access any resource from the server side, even once I run show
> crypto ipsec sa it shows me that the server side is getting that traffic
> and
> decrypt it.
>
>
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature
> database 4314 (20090807) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature
> database 4314 (20090807) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Aug 30 2009 - 13:56:04 ART