cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
854
Views
0
Helpful
9
Replies

Cant connect inside with VPN client to ASA 5505

lumilux69
Level 1
Level 1

Hello,

I can establish a vpn connection to ASA 5505 but can not reach the inside network at 3 from 4 remote sites. Only on one site the connection ist working properly. On the other 3 sites I am able to connect to other VPN gateways e.g PIX 501

Thanks for help

Michael

1 Accepted Solution

Accepted Solutions

husycisco
Level 7
Level 7

Michael I found what is missing after re-checking your config. Add the following

isakmp nat-traversal 20

Regards

View solution in original post

9 Replies 9

husycisco
Level 7
Level 7

Hi Michael

Please post your config, is this site-to-site or Remote access vpn?

it is remote VPN. here the config is atached.

thank you

husycisco
Level 7
Level 7

Config looks OK. The working connection in one site is also a clue for this. Other 3 must be a clientside issue. Either groupname, preshared key or peer ip is wrong. I suggest you to copy the pcf file in site in which connection works then import this pcf file in a site in which connection does not work. You can search for *.pcf in C:\ drive, you will see the pcf of this RemoteAccess VPN

Thank you for responds, I am using the same Clinet !!! (Notebook) at one site it works at the 3 other not. The remote VPN connection is established and I received a valid ip "10.151.53.100" from VPN-IP-pool. I even can see the connection in session monitor in ASDM but no acces to inside LAN

Any other ideas?

husycisco
Level 7
Level 7

Aha!

Most probably, the router/modem does not support transparent tunneling or it is not enabled. In VPN client screen, click on the connection, then click modify. In Transport tab, uncheck "Transparent Tunneling"

I tried but it doesn't work. I wrote you I am able to connect to different sites (PIX501) with transparent tunneling checked...

I have only problems connecting to the ASA 5505 with same vpn client

really strange

husycisco
Level 7
Level 7

Michael I found what is missing after re-checking your config. Add the following

isakmp nat-traversal 20

Regards

thats it, thanks al lot for your great support.

Best regards

Michael

husycisco
Level 7
Level 7

You are welcome Michael, nice to see that your problem is resolved :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: