VPN client connecting but can't see any traffic

Nov 18th, 2006

Dear all, I have an ASA 5510.

I have created a VPN using ASDM, and a user from a remote place is able to connect and is getting an IP from the specified pool range, but there is no traffic flow. Please check the attached configuration and help.


I will rate all the posts.

Regards

Binoy



ggilbert (Cisco Employee) Mon, 11/27/2006 - 10:22

I can't seem to download your config.


Can you please send me the output of the following from the ASA?


sh ip


sh run nat


sh run all tunnel-group


sh run all group-policy


ggilbert (Cisco Employee) Tue, 11/28/2006 - 09:26

Hi - I did download the config of your ASA and looked through it to find if there are any misconfigurations.


1. It is advisable to use a different network range for the IP pool rather than using the same internal network range.


Your internal network was 192.168.1.x/24

Your IP pool was 192.168.1.224/255.255.255.224


Use a different pool of networks - 192.168.2.0/24


2. Make sure you create the NO nat ACL.


access-l Inside_nat0_outbound per ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0


Let me know if this helps


- Rate it, if it helps -
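
The two points in the reply above (a pool that overlaps the inside subnet, and a missing NAT-exemption ACL) can be checked offline against a saved running-config. This is an added example, not part of the original thread or any Cisco tool; the function name audit_vpn_pool, the pool name vpnpool, the pool ranges and both config excerpts are constructed for illustration, and it assumes pre-8.3 ASA syntax with network/mask ACEs only.

```python
import ipaddress
import re

# Constructed excerpts: BEFORE mirrors the setup described in the thread,
# AFTER applies the separate pool range and the nat 0 ACL from the reply.
BEFORE = """interface Ethernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.225-192.168.1.254 mask 255.255.255.224
"""
AFTER = """interface Ethernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
ip local pool vpnpool 192.168.2.1-192.168.2.254 mask 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list Inside_nat0_outbound
"""

def audit_vpn_pool(config):
    """Return findings for a VPN pool that overlaps an interface subnet
    or is not covered by an ACE referenced from a 'nat (...) 0' statement."""
    iface_nets, pools, acl_dsts, nat0_acls = [], {}, {}, set()
    # Only network/mask ACEs are parsed; "any" and "host" forms are skipped.
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip address ([\d.]+) ([\d.]+)", line):
            iface_nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"access-list (\S+) (?:extended )?permit ip "
                           r"[\d.]+ [\d.]+ ([\d.]+) ([\d.]+)", line):
            dst = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            acl_dsts.setdefault(m[1], []).append(dst)
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)", line):
            nat0_acls.add(m[1])
    findings = []
    for name, (first, last) in pools.items():
        for net in iface_nets:
            # Range overlap test, so a pool spanning a whole subnet is caught too.
            if first <= net.broadcast_address and last >= net.network_address:
                findings.append(f"pool {name} overlaps interface subnet {net}")
        exempt = any(first in dst and last in dst
                     for acl in nat0_acls for dst in acl_dsts.get(acl, []))
        if not exempt:
            findings.append(f"pool {name} has no NAT-exemption ACE")
    return findings

if __name__ == "__main__":
    print("before:", audit_vpn_pool(BEFORE))
    print("after: ", audit_vpn_pool(AFTER))
```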

danhosking Fri, 12/01/2006 - 02:19

I have a very similar problem. I am seeing decrypted/encrypted packets on the ASA but zero decrypted packets on the client.

ggilbert (Cisco Employee) Fri, 12/01/2006 - 09:35

Make sure there isn't any firewall that would block ESP traffic on the client side.


Thanks

Gilbert

danhosking Tue, 12/05/2006 - 22:09

The issue I had was that the ASA did not have IPsec over NAT enabled. Check the global IKE parameters to enable this.
