No reply from VPN connection on ASA 5505 7.2(4)


I followed this guide to set up my VPN using the CLI:

My setup is pretty basic except that I use RADIUS authentication.

Right now, I can connect, the authentication works, the split tunneling works, but I can't access the inside LAN. I see the packets go in, but they can't get out. I've been looking around for a while, but I can't figure out how to permit the packets back onto the tunnel.

Trying an FTP connection:

My logs show:

Built inbound UDP connection 4460548 for outside: ( to inside:srv-office1/53 (srv-office1/53) (user)

and then

Teardown UDP connection 4460451 for outside: to inside:srv-office1/53 duration 0:02:08 bytes 245 (user)

If I packet trace (vpn client) to (srv-office1) with FTP, it shows that the flow is denied by a configured rule.

The rule is inside

2 any any ip Deny Default Implicit rule

So I'm guessing I'm missing a rule somewhere...

Someone pointed me to

sysopt connection permit-vpn

but when I run sh run sysopt there is no output. Is that normal?

I attached parts of the configuration.


husycisco Thu, 08/21/2008 - 02:02

Hello Etienne

access-list inside_nat0_outbound extended permit ip

no access-list inside_nat0_outbound extended permit ip any

clear xlate

Will solve your issue, but as Andrew mentioned, using a pool in a different subnet is the best practice.



I have it working now.

Here is what I did:

no ip local pool Local_IPs ...

ip local pool Local_IPs mask

access-list inside_nat0_outbound extended permit ip

nat (inside) 0 access-list inside_nat0_outbound

And it works.

Thanks for the help!
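The two fixes discussed in this thread, the NAT exemption for LAN-to-pool traffic and a client pool on its own subnet, put together as one complete ASA 7.2 remote-access configuration. This is an added illustration, not the poster's attached configuration: the LAN 192.168.1.0/24, the pool 192.168.50.0/24, the RADIUS server address, the tunnel-group and group-policy names, and the placeholder keys are all assumed values chosen for the example.

```cisco
! Added example (not the poster's config): ASA 7.2(4) IPsec remote-access VPN
! with a client pool on its own subnet and NAT exemption for inside -> pool.
! All names, addresses and keys below are assumptions for illustration.
!
! Inside LAN 192.168.1.0/24 (assumed); client pool 192.168.50.0/24 (assumed),
! deliberately a different subnet from the LAN, as the reply recommends.
ip local pool Local_IPs 192.168.50.1-192.168.50.50 mask 255.255.255.0
!
! NAT exemption: traffic from the LAN back to the VPN pool must not be
! translated, otherwise the ASA tries to NAT the return packets and they
! never make it into the tunnel. Keep this entry narrow: an "any" entry
! here (the one the reply removes) exempts all inside traffic from NAT.
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
!
! Split tunnel: only the LAN is sent through the tunnel.
access-list split_tunnel_acl standard permit 192.168.1.0 255.255.255.0
!
group-policy ra-policy internal
group-policy ra-policy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel_acl
!
! RADIUS authentication (server address and shared secret are placeholders).
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.10
 key <radius-shared-secret>
!
tunnel-group ra-vpn type ipsec-ra
tunnel-group ra-vpn general-attributes
 address-pool Local_IPs
 authentication-server-group RADIUS
 default-group-policy ra-policy
tunnel-group ra-vpn ipsec-attributes
 pre-shared-key <group-preshared-key>
!
! "sysopt connection permit-vpn" is enabled by default, which is why
! "show run sysopt" prints nothing; "show running-config all sysopt"
! lists it. It lets decrypted VPN traffic bypass the outside interface ACL.
sysopt connection permit-vpn
!
! Verification after the change: drop stale translations, then trace a
! client -> LAN flow (TCP/21 for FTP); the trace should end in ALLOW.
! clear xlate
! packet-tracer input outside tcp 192.168.50.5 1025 192.168.1.20 21
```

With the pool on a separate subnet, the single nat0 entry is exactly the LAN-to-pool pair, so nothing else on the inside is exempted from NAT; the packet-tracer line at the end is the same check the original post used, run after the exemption is in place.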
