We help IT Professionals succeed at work.

Cisco ASA 5505 SSL vpn configuration

I am trying to config a new ASA5505 the base license for Anyconnect SSL vpn and finally  I am able to establish connection but i can't ping ASA ip or any inside host. I did a similar configuration on a different model and worked  without any issue.
I have attached the  config  the version 8.2(1) on ASA.  Aso  tried the same config on another similar model 5505 base license same sw ver same error.

Watch Question

John MeggersNetwork Architect

You won't be able to ping the ASA inside IP, but you should be able to ping inside devices.  Your config looks right to me, and if the device is a 5505, my guess is you don't have another router inside, so devices probably have a default gateway pointing to the ASA.  (That's always a potential issue, whether the recipient of the pings knows where to send its response.)  Are you sure the device you're pinging on the inside will accept a ping?  Is there a personal firewall in operation that would block pings?  Can you ping that device from the ASA itself?


Yes the ping should work from vpn to inside interface and also as you mentioned for inside host.  I tried this on a ASA5510 and it works. The one I am testing on ASA5505 I connected one PC in inside network (IP gw as ASA inside interface ip From the inside pc i can ping ASA's internal ip When i try to connect from PC on outside network i am able to establish Anyconnect but cannot ping the inside pc or other inside host. I can see any connect client get the ip and i am able to ping that ip only. Also another strange thing i noticed that when I  assign the vpnpool1 address to “tunnel-group AnyCnt general-attributes  “  I am not able to establish tunnel. It gives a message no ip address assign. When I remove the tunnel- group ip and assign it to “group-policy SSL_Grp attributes“it is able to establish tunnel.
Head of IT Security Division
Top Expert 2010

At the first look the config seems good, did you reloaded the ASA?
This line is not need:
access-list ssl_split_tunnel standard permit


I reloaded  and it seem to be working fine.