Allow IPSec Traffic

dharmendra2shah
Level 1

We are trying to establish a VPN connection using the Cisco VPN client on a laptop to a VPN concentrator in a remote office. All network devices are in the same private network. There is a Cisco ASA 5505 firewall sitting between the VPN client and the VPN concentrator. IPsec over TCP and IPsec over UDP work fine, but plain IPsec will not work. We are able to establish a connection with plain IPsec but can't access resources behind the VPN concentrator. I am attaching the Cisco ASA firewall config for your reference. Please let me know what I am missing.

9 Replies

Ivan Martinon
Level 7

Try getting rid of the global defined in your config and disable nat-control. Also, just remember that IPsec pass-through is only applicable to one-to-one translations; since your static is in place, this should work OK. Try that and let us know.

Imartino,

I got rid of those 2 commands using:

no global (outside) 1 interface
no nat-control

But still the same problem.

Please get the show service-policy and the logs when the client is trying to pass traffic.

Result of the command: "show service-policy"

Interface outside:
  Service-policy: test-udp-policy
    Class-map: test-udp-class
      Inspect: ipsec-pass-thru pol-type1, packet 42, drop 0, reset-drop 0

Result of the command: "show conn"

9 in use, 12 most used
AH outside 0.0.0.0 inside 0.0.0.0, idle 0:11:52, bytes 0
ESP outside 0.0.0.0 inside 0.0.0.0, idle 0:11:52, bytes 0
ESP outside 192.168.34.7 inside 10.47.200.5, idle 0:01:01, bytes 12592
AH outside 192.168.34.7 inside 10.47.200.5, idle 0:11:52, bytes 0
ESP outside 192.168.34.7 inside 10.47.200.5, idle 0:11:52, bytes 0
UDP outside 192.168.34.7:500 inside 10.47.200.5:500, idle 0:01:01, bytes 3431, flags -
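The "show conn" output above is the most useful evidence in this thread, and it is easier to read once the ESP/AH/IKE entries are grouped per client/concentrator pair. The following script is an added example, not code from the thread or from Cisco: it parses the conn lines posted above (embedded as a constructed sample), groups them by address pair, and states what the table does and does not show for IPsec pass-through. The line format it assumes is the one visible in the post (`<proto> <if> <addr>[:port] <if> <addr>[:port], idle h:mm:ss, bytes N`); the 0.0.0.0 wildcard entries and the zero-byte entries are simply reported, not explained.

```python
import re

# Constructed sample input: the "show conn" output posted in the thread above.
SAMPLE_SHOW_CONN = """\
9 in use, 12 most used
AH outside 0.0.0.0 inside 0.0.0.0, idle 0:11:52, bytes 0
ESP outside 0.0.0.0 inside 0.0.0.0, idle 0:11:52, bytes 0
ESP outside 192.168.34.7 inside 10.47.200.5, idle 0:01:01, bytes 12592
AH outside 192.168.34.7 inside 10.47.200.5, idle 0:11:52, bytes 0
ESP outside 192.168.34.7 inside 10.47.200.5, idle 0:11:52, bytes 0
UDP outside 192.168.34.7:500 inside 10.47.200.5:500, idle 0:01:01, bytes 3431, flags -
"""

# One conn line: <proto> <if> <addr>[:port] <if> <addr>[:port], idle h:mm:ss, bytes N[, flags ...]
# (format assumed from the lines posted in the thread)
CONN_RE = re.compile(
    r"^(?P<proto>[A-Z]+)\s+(?P<if_a>\S+)\s+(?P<addr_a>[\d.]+)(?::(?P<port_a>\d+))?\s+"
    r"(?P<if_b>\S+)\s+(?P<addr_b>[\d.]+)(?::(?P<port_b>\d+))?,\s+"
    r"idle\s+(?P<idle>\d+:\d+:\d+),\s+bytes\s+(?P<bytes>\d+)"
)


def idle_seconds(hms):
    """Convert the ASA idle timer 'h:mm:ss' into seconds."""
    h, m, s = (int(part) for part in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_show_conn(text):
    """Return one dict per connection line; the 'N in use' header is skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        c = m.groupdict()
        c["bytes"] = int(c["bytes"])
        c["idle_s"] = idle_seconds(c["idle"])
        conns.append(c)
    return conns


def summarize_peers(conns):
    """Group conns by (outside addr, inside addr) and report the IPsec state of each pair.

    ike               - a UDP/500 conn exists (ISAKMP negotiation reached the ASA)
    esp_bytes         - byte count of the ESP conn that actually carried traffic (0 if none)
    ah_bytes          - same for AH
    zero_byte_entries - ESP/AH entries that never carried a byte (stale or unused)
    """
    peers = {}
    for c in conns:
        key = (c["addr_a"], c["addr_b"])
        p = peers.setdefault(
            key, {"ike": False, "esp_bytes": 0, "ah_bytes": 0, "zero_byte_entries": 0}
        )
        if c["proto"] == "UDP" and "500" in (c["port_a"], c["port_b"]):
            p["ike"] = True
        elif c["proto"] in ("ESP", "AH"):
            if c["bytes"] == 0:
                p["zero_byte_entries"] += 1
            else:
                field = "esp_bytes" if c["proto"] == "ESP" else "ah_bytes"
                p[field] = max(p[field], c["bytes"])
    return peers


def passthrough_verdict(peers, outside_addr, inside_addr):
    """Plain-language reading of the conn table for one client/concentrator pair."""
    p = peers.get((outside_addr, inside_addr))
    if p is None:
        return "no conn entries for this pair: traffic never reached the ASA, or the ACL drops it"
    if not p["ike"]:
        return "no UDP/500 conn: IKE is not getting through the ASA"
    if p["esp_bytes"] == 0 and p["ah_bytes"] == 0:
        return "IKE up but no ESP/AH bytes: encrypted traffic is not traversing the ASA"
    return (
        f"IKE up, ESP carried {p['esp_bytes']} bytes: the ASA is passing ESP for this pair, "
        "so compare the inspect packet/drop counters and check the path beyond the ASA"
    )


if __name__ == "__main__":
    peers = summarize_peers(parse_show_conn(SAMPLE_SHOW_CONN))
    for (out_addr, in_addr), state in peers.items():
        print(f"{out_addr} -> {in_addr}: {state}")
    print(passthrough_verdict(peers, "192.168.34.7", "10.47.200.5"))
```

Run it on a pasted "show conn" capture; for the thread's own output it reports that IKE (UDP/500) is established and that one ESP conn for 192.168.34.7 to 10.47.200.5 has carried 12592 bytes while two further ESP/AH entries for the same pair have carried nothing, which is a different picture from "IPsec is blocked" and narrows where to look next.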

Do you get any drops on the logs?

No I don't see any drops on the log. This problem is killing me. I thought it would be simple.

Can you change the access-list to include IP rather than UDP?

I allowed ip traffic instead of udp. Still no success.

Hi,

Could you connect your laptop to the outside network and ensure that it's working without passing through the ASA?

1. With no nat-control you don't need the static statement, so can you remove it also?

2. In a second test, if you keep the identity static, use NAT exemption instead (I have already experienced a problem related to that).

Regards
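For readers following the last two suggestions, here is the pair of NAT alternatives they name, written out as an added configuration example (not from the thread or from any Cisco document). It assumes pre-8.3 ASA syntax, uses the inside concentrator address 10.47.200.5 and the client address 192.168.34.7 seen in the "show conn" output above, and the interface and ACL names are assumed.

```text
! Option 1: identity static, a one-to-one translation for the concentrator
! (the kind of translation the first reply says ipsec-pass-thru expects)
static (inside,outside) 10.47.200.5 10.47.200.5 netmask 255.255.255.255

! Option 2: NAT exemption instead of the static, as the last reply suggests
no static (inside,outside) 10.47.200.5 10.47.200.5 netmask 255.255.255.255
access-list NONAT extended permit ip host 10.47.200.5 any
nat (inside) 0 access-list NONAT

! In both cases nat-control stays disabled and the outside ACL permits ip
! (not only udp) from the client to the concentrator, as already tried above
access-list OUTSIDE_IN extended permit ip host 192.168.34.7 host 10.47.200.5
access-group OUTSIDE_IN in interface outside

! Check the result with the two commands already used in the thread:
! show service-policy
! show conn
```

Apply only one of the two options at a time, and take a fresh "show conn" after each change so the ESP and UDP/500 entries can be compared with the output posted earlier.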
