ASA and Cisco VPN question

Answered Question
May 2nd, 2007
User Badges:

I am having an issue on a new ASA. I am able to connect to the customer?s network using the Cisco VPN client, but I am not able to PING or access anything on the customers network. What needs to be done to fix this???

There is a route on the customer?s router pointing back to the firewall for the IP range you get when you VPN in?

Thanks,

Chris


Correct Answer by acomiskey about 10 years 2 months ago

Thanks, please rate.


No, it is needed for pix as well. ASA 7.2, the command is "crypto isakmp nat-traversal".


It is necessary if vpn client is connecting behind nat. Allows ipsec to be encapsulated in udp port 4500. The transport tab I mentioned is in the connection entry properties, if you click modify. You will see enable transparent tunneling over udp.

Correct Answer by acomiskey about 10 years 2 months ago

try adding to ASA...this is disabled by default


isakmp nat-traversal

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
acomiskey Wed, 05/02/2007 - 06:56
User Badges:
  • Green, 3000 points or more

The config of the ASA would help. Without the config we can only guess, usually this is a nat-t issue. Make sure in vpn client config on the transport tab that you have "Enable transparent tunneling" checked.

Correct Answer
acomiskey Wed, 05/02/2007 - 07:18
User Badges:
  • Green, 3000 points or more

try adding to ASA...this is disabled by default


isakmp nat-traversal

chris.damore Wed, 05/02/2007 - 07:32
User Badges:

That fixed it! You are the man!!

Is this something new you have to do for the ASA?

Thanks again,

Chris

Correct Answer
acomiskey Wed, 05/02/2007 - 07:38
User Badges:
  • Green, 3000 points or more

Thanks, please rate.


No, it is needed for pix as well. ASA 7.2, the command is "crypto isakmp nat-traversal".


It is necessary if vpn client is connecting behind nat. Allows ipsec to be encapsulated in udp port 4500. The transport tab I mentioned is in the connection entry properties, if you click modify. You will see enable transparent tunneling over udp.

chris.damore Wed, 05/02/2007 - 07:41
User Badges:

I understand now...

Thank you very much for all of your help with this!!!!

Actions

This Discussion