ASA 5550 VPN connectivity error

Unanswered Question
May 24th, 2007

I've searched the forums but didn't find any of the solutions helped. I've got remote access VPN setup. I can connect to the ASA but can NOT ping or pass traffic to any hosts. I'm running 7.2(2).18 firmware. I tried using the VPN wizard as well as the docs to manually create it and have had the same result.

I've wiped the ASA and started over thinking it was something in my config but no help either. I'm at my wits end and I haven't even started on the site to site!

I have a 5510 that the VPN wizard works fine on. I connect and pass traffic right away.

One interesting thing is I get a error on the VPN client with the addroute failed 87. I've tried different versions of the client and tried the 5.0 client with a fresh PC and got the same result.

Please help! I've attached my config.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
figment Fri, 05/25/2007 - 07:41

Just added that. Tried again and still no luck.

I forgot to add I've tried connecting from a NAT'd PC and from a WWAN device that had a public IP.

acomiskey Fri, 05/25/2007 - 07:53

Whats the OS on the client?

Do you have any other vpn client installed on this machine?

figment Fri, 05/25/2007 - 08:57

OS on the multiple clients I've tried on has been XP SP2. I tried on one client that had never had any vpn client installed, I installed ver 5 on this new client and still had the same problem.

No othe VPN clients are installed. The only thing was both clients had Vmware insatlled.

The odd thing is when I connect to the 5510 with the same client I get no errors and connectivity is good.

ggilbert Fri, 05/25/2007 - 12:17

Reading through your description it seems like you are running into a bug which is not fixed.


the problem happens when you have more than 1 ip address attached to the interface. Since you mentioned that you have VM ware, I am guessing that might be the problem.

Would it be possible to disable the interface of the VM ware adapter and try the client.

Let me know how it goes.

Rate this post, if it solves the issue.



figment Sat, 05/26/2007 - 08:55

I tried disabling both VMware adapters and tried again with no luck.

The normal LAN adapter only has one IP on it assigned from DHCP.

I'm going to install the 5.0 vpn client on a PC that does not have vmware and try it as well.

Any other ideas? Would it help to take the 5550 down to the same firmware as the 5510? The 5510 has 7.0.6 code on it.


This Discussion