
Only single IP can connect to resources behind VPN

jwashburn
Level 1

Clients from a small remote office are connecting to a VPN provided by a PIX 515 using Cisco VPN Clients.

The users are locked down to accessing a single machine behind the VPN.  This has been working for years.  On Monday, users at the remote office reported that only one user could access the server.  After troubleshooting it was determined that only one IP from the remote office can connect.  Not only 1 IP at a time, but a single IP.  If another user at the office puts that IP on his computer he can now access the server behind the VPN.

All clients connect ok, but for some reason only this IP can traverse the VPN.

During debugging, show ipsec shows that the users that are not working are having problems decrypting packets:

  #pkts encaps: 8, #pkts encrypt: 8, #pkts digest: 8
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

Any thoughts?

1 Reply

edadios
Cisco Employee

Can you provide the show ipsec statistics of both the client and the PIX?

If the client shows encrypt and no decrypt, and if the PIX does not show both encrypt and decrypt, and the connection is native IPsec (not using NAT transparency), then it is likely that ESP (protocol 50) is being filtered for the specific problem IP addresses.

Regards,
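
An added illustration, not part of the thread: the counter comparison suggested in the reply, run over saved SA output to pick out peers that encrypt but never decrypt. The sample text is constructed, and the `current_peer` line layout and the function names are assumptions to adapt to your own output.

```python
import re

# Constructed sample modelled on the counter lines quoted in the question.
# The "current_peer" line layout is an assumption; adjust PEER_RE to your output.
SAMPLE = """\
current_peer: 192.0.2.10:500
  #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
  #pkts decaps: 97, #pkts decrypt: 97, #pkts verify: 97
current_peer: 192.0.2.11:500
  #pkts encaps: 8, #pkts encrypt: 8, #pkts digest: 8
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

PEER_RE = re.compile(r"current_peer:?\s+(\d+\.\d+\.\d+\.\d+)")
COUNTER_RE = re.compile(r"#pkts (\w+): (\d+)")


def parse_sa_counters(text):
    """Return {peer_ip: {counter: total}} summed over that peer's SAs."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            current = peers.setdefault(m.group(1), {})
        elif current is not None:
            for name, value in COUNTER_RE.findall(line):
                current[name] = current.get(name, 0) + int(value)
    return peers


def classify(counters):
    """Label a peer by which directions of ESP traffic this device has seen."""
    sent, received = counters.get("encaps", 0), counters.get("decaps", 0)
    if sent and received:
        return "two-way"
    if sent:
        return "one-way-out"  # encrypting but nothing decrypted: inbound ESP may be filtered
    if received:
        return "one-way-in"   # decrypting but nothing encrypted back
    return "idle"


def one_way_peers(text):
    """Peers whose counters show traffic in only one direction."""
    states = {ip: classify(c) for ip, c in parse_sa_counters(text).items()}
    return {ip: s for ip, s in states.items() if s.startswith("one-way")}


if __name__ == "__main__":
    print(one_way_peers(SAMPLE))
```

Running the same check on output captured at both ends shows which direction loses packets: a peer that is "one-way-out" on the client and shows no matching decaps on the PIX points at ESP being dropped in the path between them.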
