Can connect to IPSec VPN but can't see internal network

Answered Question

I have several users that can connect to our VPN using IPSec on a 5505. I have one user that can connect, but cannot see the internal network. This user is using DSL with a speedstream 4100. However, I have another user with the same setup that can connect and see the internal network. The logs in ASDM show the connection, but don't seem to show any errors when trying to access internal. Any help will be greatly appreciated. Thanks, Bill.

Farrukh Haroon Mon, 06/09/2008 - 17:59

Are you using split tunneling/local lan access?


Are both Clients seeing the same routes in their VPN Client >> Routes window?


Have you tried to compare the 'route print' output of both machines after the VPN has been established?


Are both machines using the same OS/patch level?


Regards


Farrukh

Farrukh Haroon Mon, 06/09/2008 - 18:38

Please have a look at the following two links, please note you can use only ONE of them at a time:


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml


Your output should match the VPN Client >> Statistics >> Route details mentioned on these links, based on what you want to configure (Local LAN OR Split-tunneling).


Regards


Farrukh

Correct Answer
acomiskey Tue, 06/10/2008 - 08:41

Add..


crypto isakmp nat-traversal

Correct Answer
Farrukh Haroon Tue, 06/10/2008 - 11:52

No, it does not. It just negotiates to see if there is any NAT in the transit path (by using hash values); if the hashes are not equal, it encapsulates the IPsec traffic inside UDP 4500. The VPN is still as secure as it was before.


Regards


Farrukh
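
The NAT detection described in the answer above, sketched as an added example that is not part of the original thread or Cisco's code: it follows the NAT-D hash from RFC 3947, HASH(CKY-I | CKY-R | IP | Port), and shows how a mismatch between the hash a peer sent and the hash recomputed from the addresses seen on the wire selects UDP 4500 encapsulation. The cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int, alg: str = "sha1") -> bytes:
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(alg, cky_i + cky_r + packed).digest()

def sender_nat_d(cky_i, cky_r, src, dst):
    """NAT-D payloads a peer sends: destination hash first, then its own source hash."""
    return nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)

def detect_nat(cky_i, cky_r, payloads, observed_src, observed_dst):
    """Receiver side: recompute both hashes from the addresses actually on the packet."""
    dst_hash, src_hash = payloads
    remote_natted = src_hash != nat_d_hash(cky_i, cky_r, *observed_src)
    local_natted = dst_hash != nat_d_hash(cky_i, cky_r, *observed_dst)
    nat_found = remote_natted or local_natted
    return {
        "remote_behind_nat": remote_natted,
        "local_behind_nat": local_natted,
        # Without NAT-T the ESP packets stay native, which a NAT/PAT device
        # in the path usually cannot translate: tunnel up, no traffic.
        "esp_transport": "UDP/4500" if nat_found else "ESP (IP protocol 50)",
    }

# Constructed sample values: made-up IKE cookies, documentation address ranges.
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
CLIENT_PRIVATE = ("192.168.1.10", 500)  # client behind a DSL router
CLIENT_PUBLIC = ("203.0.113.7", 1024)   # source the gateway sees after NAT
GATEWAY = ("198.51.100.1", 500)

def demo():
    payloads = sender_nat_d(CKY_I, CKY_R, CLIENT_PRIVATE, GATEWAY)
    natted = detect_nat(CKY_I, CKY_R, payloads, CLIENT_PUBLIC, GATEWAY)
    direct = detect_nat(CKY_I, CKY_R, payloads, CLIENT_PRIVATE, GATEWAY)
    return natted, direct

if __name__ == "__main__":
    for result in demo():
        print(result)
```
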
