Fix can’t ping Inside Interface on Cisco ASA over IPsec VPN

Fix can’t ping Inside Interface on Cisco ASA over IPsec VPN

 

1. The problem usually happens after upgrading ASA to new version

2. The problem relates to NAT Issues on ASA with new version

3. How to Fix that

Solution 1:

If  you have ASDM, you can connect to ASDM

Configuration –> Firewall –> Nat rules

Choose NAT Rules with IPSec VPN site to site which you need open for management Interface –> Enable Lookup Route Table to locate egress interface.

DONE

Solution 2:

Telnet or SSH to your ASA and re-configure the nat with “route-lookup” in the end of command.

no nat 2
nat (Inside,Outside) 2 source static LOCAL_NET_16 LOCAL_NET_16 destination static REMOTE_NETWORKS REMOTE_NETWORKS no-proxy-arp route-lookup

DONE

That’s all. Thanks for using IThelpblog.com.

 

Tags:  

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>