VPN Client Connects but no Remote Network Access

Unanswered Question
Feb 14th, 2013

I have one user who is unable to Access Remote Network resources when connected to the VPN on his home network.  VPN shows connected and he is given a remote IP from the VPN Pool, but he cannot ping any IP on our network.  When connected using Sprint Wi-Fi card he is able to connect and access remote network from the same laptop.  Maybe there is some network overlap that I am missing. 

Please see attached firewall config (zzz... being firewall public IP) and remote user route table. 

ASA 5505

VPN Client 

Your help is much appreciated.

CSCO11543336 Fri, 02/15/2013 - 10:51

Is the User Router table printed out while connecting from Sprint or your network?  I would also start by comparing the user route table in both connection modes.

jbeyer@nueske.com Fri, 02/15/2013 - 10:56

I believe the issue is with the ISP.  We are leveraging IPSEC on the VPN and it appears port 500 is being blocked on his end.  VPN Statistics are showing he is sending but not receiving.  We were told by his ISP to switch to a commercial internet account to resolve.

CSCO11543336 Fri, 02/15/2013 - 11:05

Based on your first post, the tunnel comes up.  That tells me udp port 500 is not blocked.

Andrew Phirsov Fri, 02/15/2013 - 11:17

Is everything correct with routing from your internal network back to the vpn address-pool subnet?

jbeyer@nueske.com Fri, 02/15/2013 - 12:28

Yes, I believe the routing is correct, VPN Statistics is showing Secured Routes to our two internal networks ( and  Tunnel Detail shows Bytes received but none Sent.  I don't believe there is any network overlap either, user is given a address and we assign a address from the VPN Pool.

I ran across this document https://supportforums.cisco.com/docs/DOC-10272, when I tested it failed on port 500. 
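
Added example, not part of the thread: one way to test the network-overlap question and the suggested route-table comparison is to check each connection mode's route table for local (non-tunnel) routes that overlap the VPN's secured routes. The route tables, secured routes and VPN adapter address below are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed "route print" IPv4 excerpts; every address here is made up.
HOME_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        10.20.0.0      255.255.0.0          On-link      10.99.0.12    100
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
     192.168.1.50  255.255.255.255          On-link    192.168.1.50    281
"""
CELL_ROUTES = """\
          0.0.0.0          0.0.0.0      172.20.10.1     172.20.10.2     25
        10.20.0.0      255.255.0.0          On-link      10.99.0.12    100
      192.168.1.0    255.255.255.0          On-link      10.99.0.12    100
      172.20.10.0  255.255.255.240          On-link     172.20.10.2    281
"""
SECURED = ["10.20.0.0/16", "192.168.1.0/24"]  # assumed secured routes
VPN_IFACE = "10.99.0.12"  # assumed pool address bound to the VPN adapter


def parse_routes(text):
    """Return (network, interface) pairs from 5-column route lines."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header or unrelated line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            iface = ipaddress.ip_address(cols[3])
        except ValueError:
            continue
        routes.append((net, iface))
    return routes


def local_overlaps(text, secured, vpn_iface):
    """List local routes that overlap a secured (tunnelled) network."""
    secured = [ipaddress.ip_network(s) for s in secured]
    vpn_iface = ipaddress.ip_address(vpn_iface)
    hits = []
    for net, iface in parse_routes(text):
        # Skip tunnel routes, the default route and per-host /32 entries.
        if iface == vpn_iface or net.prefixlen in (0, 32):
            continue
        hits += [(str(net), str(s)) for s in secured if net.overlaps(s)]
    return hits


if __name__ == "__main__":
    for name, table in (("home", HOME_ROUTES), ("cellular", CELL_ROUTES)):
        print(name, local_overlaps(table, SECURED, VPN_IFACE))
```

An empty list for one connection mode and a hit for the other points at addressing on the client's local network rather than at the firewall configuration.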

