VPN Tunnel is but no traffic flows

mikewillis · ‎11-04-2009

I have Cisco ASA5505 that I'm trying setup VPN access to and I'm having the hardest problem with it. The VPN tunnel connects and the logs show PHASE 1 completed. But whenever I try and make any connection to the internal lan I get nothing.

I have tried messing with NAT, and ACCESS-LIST but I still got nothing. Any help would be appreciated..

mikewillis · ‎11-04-2009

Here is the running config.

Herbert Baerten · ‎11-05-2009

The address pool for your vpn clients overlaps your internal network:

ip local pool vpn_pool 192.168.10.1-192.168.10.10 mask 255.255.252.0

Try changing this (and the corresponding nat0 acl) to something like 172.16.0.1-10 (or 192.168.32.1-10 or whatever, as long as it does not overlap any other network).

If you still have a problem, check the ASA logs (Does it show phase 2 as complete, does it show any errors about your test traffic), and check the counters (encrypt, decrypt) on both the client and on the ASA ("show crypto ipsec sa"),

hth

mikewillis · ‎11-06-2009

Still nothing. This is starting to get frustrating. Its like the packets are entering the PIX but they aren't coming back through. I'm attaching some logs.