Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
256
Views
0
Helpful
1
Replies

VPN client issue

costin.vilcu
Level 1
Level 1

‎08-07-2008 08:47 AM - edited ‎02-21-2020 03:52 PM

Hello everyone,

please advise me with the following problem:

i configured an ASA for VPN client. The asa is behind a router that permits esp, udp 500 and udp 4500 for any.

The issue is: if i connect with the vpn client from my site (company) to the asa, i receive one of the atdresses configured (the vpn pool) and i can ping and telnet any host from the ASA's inside lan.

If i connect via a modem (3G) or from a virtual machine on my computer i can not ping or telnet to anything even if i receive the same ip from the pool. So the VPN client gets connected but i can not do anything in the ASA's inside network. More... if i look in the Statistics window in the vpn client it shows that it sends and encrypts packets, but does not receive and decrypts none. If i look in the ASA for sho cry ipsec sa for that peer it does not receive or send any packet.

Did you see this problem anywhere else? What could be wrong? In both situation the vpn client go to ASA with a public ip.

thanks

Labels:
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎08-08-2008 12:33 AM

Enable "TCP Nat traversal" some providers do not like encrypted traffice to traverse their networks. once you enable it - normally port TCP 10000 - this can be defined, remember to allow that specific TCP port thru the router.

HTH>

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents