Cisco ASA connects but can't get access LAN

Setting up a new ASA and using the ipsec vpn, it connects but i can't ping the local network.  The weird thing is that i can access other networks that connect to my local area via lan to lan tunnels or mpls site to site; i have route statements in my asa that point to other networks and my vpn client can get to those fine...just nothing on the local area LAN where the ASA is located.  

we are running ASA version 8.6.   any thoughts, anyone?
techlindenAsked:
Who is Participating?
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
What OS is on the ASA? - connections and no traffic is usually NAT related?


Cisco VPN Client Connects but no traffic will Pass

Pete
0
 
Ernie BeekConnect With a Mentor ExpertCommented:
Thoughts:

-Check the nat exempts
-Check the ACLs for the 'interesting' traffic in the crypto map statements
-Check the logs when trying to reach the LAN
-Check the outside interface ACL when not using sysopt connection permit-vpn
0
 
bs_ssgCommented:
You "can't ping".  What's the status of ICMP on the ASA?
0
 
techlindenAuthor Commented:
I had a double nat in there.   i took one of them out and it's working now.  however, the weird thing is that i can't ping the internal interface of the ASA.   This is an 5545x that we are putting into place to accommodate more users.  We were using a 5505.  The 5505 is also at the same datacenter and on the same subnet.  if i log into the ipsec vpn of the 5505 i can ping the internal interface of the 5545.  but if i log into the ipsec vpn of the 5545 , i can ping other items on the internal lan but not the internal interface of the 5545.  

any ideas on why?
0
 
Ernie BeekExpertCommented:
I think you would need: management-access inside in the ASA
0
All Courses

From novice to tech pro — start learning today.