VPN Tunel UP, no transmission

Unanswered Question
Nov 12th, 2009


Branch Office:

Pix501 - ass hardware client



ASA5510 - VPN Server


Remote Users

VPN CLient 5

Address Pool

Hello, i have problem with VPN tunnel for Remote Users

I configure VPN1 and VPN2 tunnel using asdm ipsec wizzard

First tunnel for Branch called VPN1 (tunel i sup, communication bidirectional is ok, ping, smb,rdp all working).

Second tunnel VPN2 for remote users.

When user connecting to HQ using VPN Client 5, tunnel is on but client can't ping, smb, rdp local network in HQ.

But when i ping or rdp from local computer to remote user i can.

i attach asa config please help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mopaul Sat, 11/14/2009 - 19:27


If i understood it correct , then VPN clients connect fine on ASA. but they are neither able to ping nor able to do RDP/access internal resources.

I have reviewed the configuration,

RTP- Routing , Translation and Permissions seems to be OK.

Can you please make sure nat-t is turned ON ?

If you do not see it in " sh run all | in nat-t " , then please configure

crypto isakmp nat-traversal 20

and let me know if this helps.

If above does not help , then as a next step troubleshooting:-

Assuming that inside interface is a part of interesting traffic for VPN client.

-Turn on management-access inside

-Apply captures on inside interface of ASA.

-Run a continous ping from client to ASA's inside interface.

-Check the output for "show crypto ipsec sa", let me know if you see decrypts there.

-Also, reply with capture output taken on inside interface.

-output for show vpn-sessiondb remote.

You can refer the following document link to apply captures,





This Discussion