Can connect to IPSec VPN but can't see internal network

Answered Question

I have several users that can connect to our VPN ussing IPSec on a 5505. I have one user that can connect, but cannot see the internal network. This user is using DSL with a speedstream 4100. However, I have another user with the same setup that can connect and see the internal network. The logs in ASDM show the connection, but don't seem to show any errors when trying to access internal. Any help will be greatly appreciated. Thanks, Bill.

I have this problem too.
0 votes
Correct Answer by Farrukh Haroon about 8 years 5 months ago

No it does not. It just negotiates to see if there is any NAT in the transit path (by using HASH values), if the hashes are not equal it encapsulates the IPSEC traffic inside UDP 4500. The VPN is still as secure as it is before.

Regards

Farrukh

Correct Answer by acomiskey about 8 years 5 months ago

Add..

crypto isakmp nat-traversal

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Farrukh Haroon Mon, 06/09/2008 - 17:59

Are you using split tunneling/local lan access?

Are both Clients seeing the same routes in their VPN Client >> Routes window?

Have you tried to compare the 'route print' output of both machines after the VPN has been established?

Are both machines using Same OS/PATCH level?

Regards

Farrukh

Farrukh Haroon Mon, 06/09/2008 - 18:38

Please have a look at the following two links, please note you can use only ONE of them at a time:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

Your output should match the VPN CLient >> Statistics >> Route details mentioned on these links, based on what you want to configure (Local LAN OR Split-tunneling)

Regards

Farrukh

Correct Answer
Farrukh Haroon Tue, 06/10/2008 - 11:52

No it does not. It just negotiates to see if there is any NAT in the transit path (by using HASH values), if the hashes are not equal it encapsulates the IPSEC traffic inside UDP 4500. The VPN is still as secure as it is before.

Regards

Farrukh

Actions

This Discussion