Remote Access VPN - Unable to access Internal resources

Unanswered Question
Jan 27th, 2010

Hi Experts,

I have a situation with client site where they would to implement remote access VPN. The issue is that i am able to authenticate but cannot get access to internal resources.  I am using VPN client 5.0

See attached ASA configuration.

Thanks in advance,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pudawat Thu, 01/28/2010 - 17:24

HI ,

I agree with jorge,

config seems to be fine

Just enable (config)#crypto isakmp nat-t

and check connectivity

also check whether (config)#sysopt connection permit vpn is there in the config



dialondemand Sat, 01/30/2010 - 08:15


Thanks for your prompt response. I have included both commands advised in all replies but no success. I noted the when I check for 'ipsec sa' statistics on the ASA, the packet are getting decrypted  BUT not encrypted. I am wondering if this is a good clue??

Many thanks again.

JORGE RODRIGUEZ Sat, 01/30/2010 - 22:56

Could you post output of what you have seen on  the ipsec sa..

while the vpn client is connected post output of

show crypto ipsec sa

also provide output of   show vpn-sessiondb remote

Please also load  your ASA  ASDM real time log  and observe log while RA client pings hosts on the inside .

make sure that the system the  RA client is trying to access  on the inside  network  do not have firewall turned on such as Windows firewalls etc.


pudawat Sun, 01/31/2010 - 08:39

HI ,

It seems that the packets are not getting encrypted from the ASA itself as you are only seeing decrypts counts but no encrypt count!

The issue is likely to be with Routing or NAT-ing on the ASA

Just do a packet tracer from any internal ip to the VPN pool IP and checdk where the packet is getting dropped?

packet-tracer input inside icmp 192.168.1.x 0 8 192.168.2.x det

paste the output of this command or you can also do it from GUI??




This Discussion