Cisco ASA5510 Remote VPN - no client traffic through VPN

Unanswered Question

We have a Cisco ASA5510 which is currently just setup to allow a Citrix CAG through the firewall.. but would like to expand and allow remote VPN users to connect (using the Cisco vpn client).

I have gotten the config to a point but I am unable to ping/tracert or browse to any clients (using IP address, not worried about dns name) on the 192.168.110.x network (apart from accessing the Citrix CAG, the 192.168.1.x network isn't used)

I am a relative Cisco newbie so please be gentle. I've tried the logging console 7 command and can see discarded udp from 172.30.100.x to interface outside which confused a little.. In the VPN client statistics the encrypted packet total increments but never the decrypted. I'm assuming there is an ACL missing or not configured right or maybe NAT?? Current run config is attached.

Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcin Latosiewicz Tue, 09/14/2010 - 09:22


Care to show exct error you're getting?

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_20.20

You don't need this unless you're trying to do L2L with dynamic peer.


Nota bene - 7.0 train ... ouch

Hi Marcin,

Thank you for the reply. I have removed the crypto dynamic-map line and the corresponding acl from the config in the asa.

I've attached a copy of the logging console 7 - I just started the logging, connected the remote vpn client, ran a ping to (4 timeouts) then opened windows explorer and typed \\ into address bar (didn't connect just timed out) and disconnected the vpn client. The remote IP the client is connecting from is in the log.

Marcin Latosiewicz Tue, 09/14/2010 - 13:11


All I can see is connections built by ASA and timing out waiting for SYN ACK.

Are you sure that the ASA is the default gatewat for this particular subnet?



This Discussion