I have a bit of a strange problem regarding the Cisco VPN client (IPSec) with a Cisco ASA. The Cisco ASA is running software version 5.2(2). The Cisco VPN client version is 3.5.1.
The problem is that the Cisco VPN client could successfully authenticate with the Cisco ASA but couldn't ping any LAN network behind the Cisco ASA. Anyway, the problem was gone when we used Cisco VPN client version 4.6 or 4.8. All the settings are exactly the same. What has happened? What is the cause of this issue? How can I troubleshoot this problem?
With the VPN client version, if you use IPSec over UDP, it will use UDP port 10000.
Since you are coming through a NAT device, I am sure ASA is detecting UDP 4500 (which is NAT-T) and then trying to use that.
But you can use IPSec over TCP. If that's the case, then make sure you have IPSec over TCP configured on the ASA. According to your previous output of
sh run | in isakmp --> you did not have that configured on the ASA
This is the command.
"isakmp ipsec-over-tcp port 10000"
Let me know if this helps.
I understood your problem. I never used 3.5.1, so I thought maybe NAT-T wasn't enabled by default like in 4.x.