EZ VPN up but not passing traffic

cshannahan · ‎05-15-2008

I configured my 5520 ASA as the server, configured the 5505 as the client. My internal network behind the 5520 can ping the remote device 5505 and the PC behind the 5505 can ping the 5520 but I can't pass traffic from PC to PC. The rules are there, routes are there, I believe the NAT statement is correct. I'm not sure what's going on. This is the 1st time I setup Easy VPN, i usually do L2L but I want to be able to hand this devices out without knowing the far end peer IP.

Any ideas? I have it in a lap right now, 5520 connects to a L3 switch and the ASA's are connected to each other. The VPN comes up right away but I do anything other than that!

owillins · ‎05-21-2008

Verify your output of "show crypto ipsec sa" from both sides . And verify your ACL and NAT

cshannahan · ‎05-21-2008

Yeah I've done that, packets are getting encrypted and decrypted on both ASA's, tunnel is up. ACLs allow everything, also have the checkbox checked for VPN to bypass access lists. NAT seems to be fine but if anything that could be the problem.

nat (Inside) 0 access-list Inside_nat0_outbound

nat (Inside) 1 0.0.0.0 0.0.0.0

route Outside 0.0.0.0 0.0.0.0 OUTSIDE_INT 1

access-list Inside_nat0_outbound extended permit ip 10.16.0.0 255.255.0.0 10.27.34.0 255.255.255.0