Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Cisco Remote VPN client Issue

Hello Experts,

I have just setup a remote VPN on Cisco ASA Firewall of SITE A which is working fine from outside network but when i try to connect with VPN from SITE B whereon the Cisco ASA firewall is also deployed then it doesn't work.

I allow only internal n/w of SITE A if i connect with remote VPN of SITE A from o/s n/w. For the troubleshooting perspective, I permited the IP protocol for the remote HOST IP then I could be able to connect with from SITE B Internal network but when i try to connect the servers located at Internal environment of SITE A then I am not able to reach them.

Can you pls. suggest the steps in sequence to troubleshoot this issue?


Vinay Gupta

Cisco Employee

Re: Cisco Remote VPN client Issue


1.) Confirm that the Remote VPN is up.

2.) Within the VPN Client, confirm which IP address you are assigned from the VPN IP Pool.

3.) Perform a packet capture on the inside interface of SITE A.  When you try to connect to a server at Site A, you should see a SYN (Client->Server), SYN-ACK (Server->Client), ACK (Client->Server) to setup the TCP connection.  Reference the link below on how to perform and view packet captures:

4.) If you see only the SYN packet egress the inside interface of the ASA towards the server, you will need to investigate the routing between the server and the IP address as assigned to the VPN Client.

One command that may come into play here is 'reverse-route'.  This keyword, appended to the end of the 'crypto dynamic-map' entry will inject the route of the client into any upstream dynamic routing processes, allowing the return traffic to be received by the client.

Let me know if this helps!

Best Regards,


CreatePlease to create content