VPN Tunnel UP, no transmission

lukasz.tarka
Level 1

Topology

Branch Office:

Pix501 - as hardware client

Lan 192.168.10.0 255.255.255.0

HQ

ASA5510 - VPN Server

Lan 192.168.0.0 255.255.252.0

Remote Users

VPN Client 5

Address Pool 192.168.95.0 255.255.255.0

Hello, I have a problem with the VPN tunnel for Remote Users.

I configured the VPN1 and VPN2 tunnels using the ASDM IPsec wizard.

The first tunnel, for the Branch, is called VPN1 (the tunnel is up, bidirectional communication is OK; ping, SMB, RDP all working).

The second tunnel, VPN2, is for remote users.

When a user connects to HQ using VPN Client 5, the tunnel is up but the client can't ping, SMB or RDP to the local network in HQ.

But when I ping or RDP from a local computer to the remote user, I can.

I attach the ASA config, please help.

3 Replies

mopaul
Cisco Employee

Hi,

If I understood correctly, the VPN clients connect fine to the ASA, but they are neither able to ping nor able to do RDP/access internal resources.

I have reviewed the configuration.

RTP (Routing, Translation and Permissions) seems to be OK.

Can you please make sure NAT-T is turned on?

If you do not see it in "sh run all | in nat-t", then please configure

crypto isakmp nat-traversal 20

and let me know if this helps.

If the above does not help, then as the next troubleshooting step:

Assuming that the inside interface is part of the interesting traffic for the VPN client:

-Turn on management-access inside

-Apply captures on the inside interface of the ASA.

-Run a continuous ping from the client to the ASA's inside interface.

-Check the output of "show crypto ipsec sa", and let me know if you see decrypts there.

-Also, reply with the capture output taken on the inside interface.

-Output of show vpn-sessiondb remote.

You can refer to the following document to apply captures:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml

Regards

Moh

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
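
The step "let me know if you see decrypts there" comes down to comparing the counters of two runs of "show crypto ipsec sa" taken while the client pings. The following is an added example, not part of the original thread or any Cisco tooling: a Python helper that diffs the "#pkts encaps" and "#pkts decaps" counters of two excerpts. The sample output, its addresses and username, and the wording of the three readings are constructed assumptions.

```python
import re

# Constructed excerpts of "show crypto ipsec sa" for one remote-access client,
# taken before and after a run of pings from the client (addresses are
# documentation ranges, not values from the thread).
BEFORE = """\
      current_peer: 198.51.100.7, username: user1
      #pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
      #pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
"""
AFTER = """\
      current_peer: 198.51.100.7, username: user1
      #pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
      #pkts decaps: 29, #pkts decrypt: 29, #pkts verify: 29
"""

COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")


def counters(text):
    """Return the encaps/decaps counters of the first SA in an excerpt."""
    found = {}
    for name, value in COUNTER.findall(text):
        found.setdefault(name, int(value))  # first SA wins if several are pasted
    missing = {"encaps", "decaps"} - set(found)
    if missing:
        raise ValueError(f"counters not found: {sorted(missing)}")
    return found


def diagnose(before, after):
    """Compare two snapshots; return (decaps_delta, encaps_delta, reading)."""
    b, a = counters(before), counters(after)
    dec, enc = a["decaps"] - b["decaps"], a["encaps"] - b["encaps"]
    if dec < 0 or enc < 0:
        return dec, enc, "counters went backwards: SA was rebuilt, take new snapshots"
    if dec == 0:
        return dec, enc, "no decrypts: client packets are not reaching the ASA over the tunnel"
    if enc == 0:
        return dec, enc, "decrypts only: ASA receives client traffic but encrypts no replies"
    return dec, enc, "decrypts and encrypts: ASA handles both directions, look beyond it"


if __name__ == "__main__":
    print(diagnose(BEFORE, AFTER))
```

Take the two snapshots only a few seconds apart and with a single client connected, so that the deltas reflect the test ping rather than other traffic.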

Thanks for your help. The ASA configuration is OK; the FortiGate drops all packets.

OK.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries