800 Series Windows Client to Router VPN cannot Ping.

Unanswered Question
Jan 7th, 2009
User Badges:


I am having trouble getting my VPN working, I think the trouble is in my nat statement.

I am only working with 3 devices, a laptop connected to WAN port, the router, a desktop connected to the lan side.

Laptop ip is, the cisco client connects and I receive a valid ip the client is showing the secured route as

Desktop is configured as

I have attached the config.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Thu, 01/15/2009 - 14:50
User Badges:

NAT-Traversal or NAT-T allows VPN traffic to pass through NAT or PAT devices, such as a Linksys SOHO router. If NAT-T is not enabled, VPN Client users often appear to connect to the PIX or ASA without a problem, but they are unable to access the internal network behind the security appliance.

If you do not enable the NAT-T in the NAT/PAT Device, you can receive the regular translation creation failed for protocol 50 src inside: dst outside: error message in the PIX/ASA.

Similarly, if you are unable to do simultaneous login from the same IP address, the Secure VPN connection terminated locally by client. Reason 412: The remote peer is no longer responding. error message appears. Enable NAT-T in the head end VPN device in order to resolve this error.

Note: With Cisco IOS Software Release 12.2(13)T and later, NAT-T is enabled by default in Cisco IOS.

dianewalker Sun, 01/18/2009 - 21:05
User Badges:

I have the same problem. After the Cisco VPN client connects, the Remote office was not able to access the internal network (intranet web server and SQL database) even though the Split-tunnel is enabled. How do you enable NAT-T on the ASA 5550? Thanks.


This Discussion