issue with pix/asa running v8.03 and client vpn

Unanswered Question
Nov 9th, 2007

i updated my pix recently to 803. everything seems good mostly. just today i started having issues with client vpn. when i try to vpn out (through the pix) i can establish a tunnel but i cannot pass packets. the client says i am encrypting but does not see any decrypts. if I take the same laptop and go to a wireless hotspot and establish the same vpn connection, it works just fine.

any idea's?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jason Gervia Mon, 11/12/2007 - 18:07

Make sure that you have ipsec over UDP allowed in your profile on the vpn client and that udp 4500 is allowed through your firewall - it sounds like you may be getting through p1/p2 but your firewall may be blocking ESP packets.

tguadagno Mon, 11/12/2007 - 21:24


thanks for the help. I think I know what happened, but I do not know why it happened. After staring at the configs for a while, I noticed that the following line was present:

no crypto isakmp nat-traversal

once I put the nat-traversal back in, everything worked....but I don't understand how this happened on 3 different systems. the only common fact is I upgraded them all to 8.02 about 1 week before....

i don't understand.

any, thanks


This Discussion