Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco Remote VPN client Issue

Unanswered Question
Jul 15th, 2010
User Badges:

Hello Experts,

I have just setup a remote VPN on Cisco ASA Firewall of SITE A which is working fine from outside network but when i try to connect with VPN from SITE B whereon the Cisco ASA firewall is also deployed then it doesn't work.

I allow only internal n/w of SITE A if i connect with remote VPN of SITE A from o/s n/w. For the troubleshooting perspective, I permited the IP protocol for the remote HOST IP then I could be able to connect with from SITE B Internal network but when i try to connect the servers located at Internal environment of SITE A then I am not able to reach them.

Can you pls. suggest the steps in sequence to troubleshoot this issue?


Vinay Gupta

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kevin Redmon Thu, 07/15/2010 - 06:27
User Badges:
  • Cisco Employee,


1.) Confirm that the Remote VPN is up.

2.) Within the VPN Client, confirm which IP address you are assigned from the VPN IP Pool.

3.) Perform a packet capture on the inside interface of SITE A.  When you try to connect to a server at Site A, you should see a SYN (Client->Server), SYN-ACK (Server->Client), ACK (Client->Server) to setup the TCP connection.  Reference the link below on how to perform and view packet captures:


4.) If you see only the SYN packet egress the inside interface of the ASA towards the server, you will need to investigate the routing between the server and the IP address as assigned to the VPN Client.

One command that may come into play here is 'reverse-route'.  This keyword, appended to the end of the 'crypto dynamic-map' entry will inject the route of the client into any upstream dynamic routing processes, allowing the return traffic to be received by the client.


Let me know if this helps!

Best Regards,



This Discussion