I am trying to config a new ASA5505 the base license for Anyconnect SSL vpn and finally  I am able to establish connection but i can't ping ASA ip or any inside host. I did a similar configuration on a different model and worked  without any issue.
I have attached the  config  the version 8.2(1) on ASA.  Aso  tried the same config on another similar model 5505 base license same sw ver same error.


asked 12/03/2011 08:50

Manojc3's gravatar image

Manojc3 ♦♦

4 Answers:
You won't be able to ping the ASA inside IP, but you should be able to ping inside devices.  Your config looks right to me, and if the device is a 5505, my guess is you don't have another router inside, so devices probably have a default gateway pointing to the ASA.  (That's always a potential issue, whether the recipient of the pings knows where to send its response.)  Are you sure the device you're pinging on the inside will accept a ping?  Is there a personal firewall in operation that would block pings?  Can you ping that device from the ASA itself?



jmeggers's gravatar image


Yes the ping should work from vpn to inside interface and also as you mentioned for inside host.  I tried this on a ASA5510 and it works. The one I am testing on ASA5505 I connected one PC in inside network (IP gw as ASA inside interface ip From the inside pc i can ping ASA's internal ip When i try to connect from PC on outside network i am able to establish Anyconnect but cannot ping the inside pc or other inside host. I can see any connect client get the ip and i am able to ping that ip only. Also another strange thing i noticed that when I  assign the vpnpool1 address to “tunnel-group AnyCnt general-attributes  â€œ  I am not able to establish tunnel. It gives a message no ip address assign. When I remove the tunnel- group ip and assign it to “group-policy SSL_Grp attributes“it is able to establish tunnel.

answered 2011-12-04 at 11:48:11

Manojc3's gravatar image



At the first look the config seems good, did you reloaded the ASA?
This line is not need:
access-list ssl_split_tunnel standard permit

answered 2011-12-04 at 23:51:16

ikalmar's gravatar image


I reloaded  and it seem to be working fine.

answered 2011-12-10 at 13:27:10

Manojc3's gravatar image


Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments



Asked: 12/03/2011 08:50

Seen: 237 times

Last updated: 12/11/2011 05:05