Easy VPN issue

Unanswered Question
Jun 24th, 2008
User Badges:


I'm facing an issue while doing easy VPN with network extension mode.

I have a setup ---inside (ASA5510 Central ) outside 80.2XX.1XX.1XX --------dynamic ADSL router outside (ASA5505 remote) inside

I configured the easy VPN with network extension between the central and remote sites I can see that the VPN is up but I'm unable to ping the LAN IPs from the server and remote client attacing the configs also.Split tunnel is also configured.

I cannot reach to the server LAN( from the remote( and Vice versa

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
nomair_83 Mon, 06/30/2008 - 00:08
User Badges:
  • Bronze, 100 points or more


your ACL should be like this..

access-list no-nat extended permit ip

and type "no vpnclient enable" on server and also verfiy that sysopt connection permit-ipsec.

just remove nat-traversal from default crypto policy and retype it in isakmp policy 10.

Let see it works

kaachary Mon, 06/30/2008 - 09:14
User Badges:
  • Cisco Employee,

Can you post the output of :

sh cry ipsec sa

sh vpnclient

from the EZvPN client.


This Discussion