Cisco Support Community
New Member

Need Help To Troubleshoot Weird IPSEC Outbound VPN Problem On ASA5510

LAN A -- ASA5510 -- Internet -- Firewall -- LAN B

1) Client at LAN A uses the Cisco VPN client to set up a VPN tunnel to LAN B. The VPN is established successfully and the client manages to get an IP address from LAN B. But the client is not able to ping or make a Remote Desktop Connection to the LAN B network server.

LAN A -- xxx -- Internet -- Firewall -- LAN B

2) Shut down & remove the ASA5510; the client at LAN A is able to establish the VPN tunnel to LAN B. This time, the client is able to ping & make a Remote Desktop Connection to the LAN B server.

LAN A -- ASA5510 -- Internet -- Firewall -- LAN C

3) With the same ASA5510 and no configuration change at all, the client at LAN A uses the Cisco VPN client to set up a tunnel to LAN C. The VPN tunnel is successfully established and the client is able to ping & make a Remote Desktop Connection to LAN C.

In summary, the existing ASA5510 configuration is working fine and there is no problem at all with the outbound tunnel to LAN C. It only has a problem with the VPN tunnel to LAN B. The weird thing here is that the VPN tunnel to LAN B is established successfully, but the client is not able to ping or make a Remote Desktop Connection to the LAN B server.

Current ASA5510 is running on version 8.2(1).

3 REPLIES
Green

Re: Need Help To Troubleshoot Weird IPSEC Outbound VPN Problem O

Most likely, the firewall at LAN B is not allowing nat-traversal. When you connect, check your vpn client status and see if transparent tunneling is active. If not, then enable nat-t at LAN B firewall.

New Member

Re: Need Help To Troubleshoot Weird IPSEC Outbound VPN Problem O

Thanks for your reply!

First, I would like to say I don't have any control over firewall B. Second, if the VPN tunnel to LAN B is successfully established, does it mean that NAT-T at firewall B is already enabled?

Thanks

Sam

Re: Need Help To Troubleshoot Weird IPSEC Outbound VPN Problem O

Sam,

As Adam had indicated in his post, that is one of the behaviours of NAT-T not being enabled on the LAN-B firewall. A client connecting and authenticating successfully to the tunnel but unable to connect to any inside resources is a common symptom of NAT-T. Ask the admin of the LAN-B firewall to ensure NAT-T is enabled on that side, to rule out that that could be the problem.

If NAT-T is indeed enabled on that side, you will have to do some debugging on the LAN-B side firewall, or at least look at some logs while trying to access their resources, to provide some clues as to what the issue could be.

Rgds
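An added example, not part of the thread and not Cisco code: the replies turn on whether NAT-T is in use, which can be checked from LAN A without access to firewall B by capturing the client's traffic. IKE negotiates on UDP 500; with NAT-T the session moves to UDP 4500 and ESP is wrapped in UDP, while without it ESP travels as IP protocol 50, which has no ports. The function names and the packets below are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: four zero bytes precede IKE on UDP 4500

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet as IKE, native ESP or NAT-T traffic."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == 50:                      # ESP directly over IP
        return "esp-native"
    if pkt[9] != 17 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + 8:]
    if 4500 in (sport, dport):
        if payload == b"\xff":            # single 0xFF byte keeps the NAT mapping alive
            return "natt-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt"
        return "esp-in-udp"               # an ESP SPI is never zero, so no marker clash
    return "ike" if 500 in (sport, dport) else "other"

def diagnose(packets) -> str:
    """Summarise a capture: was the data plane carried with or without NAT-T?"""
    kinds = {classify(p) for p in packets}
    if kinds & {"esp-in-udp", "ike-natt", "natt-keepalive"}:
        return "NAT-T active"
    if "esp-native" in kinds:
        return "NAT-T not active: native ESP only"
    return "IKE only, no data seen" if "ike" in kinds else "no IPsec traffic"

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample, checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + body

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed captures: ESP with SPI 0x11223344, sequence 1, dummy ciphertext.
ESP = struct.pack("!II", 0x11223344, 1) + b"\xaa" * 16
IKE = b"\x01" * 28
WITHOUT_NATT = [ipv4(17, udp(500, 500, IKE)), ipv4(50, ESP)]
WITH_NATT = [ipv4(17, udp(500, 500, IKE)),
             ipv4(17, udp(4500, 4500, NON_ESP_MARKER + IKE)),
             ipv4(17, udp(4500, 4500, ESP))]
```

In a real capture, a tunnel that comes up over UDP 500 and then sends only protocol 50 packets matches the symptom described in the replies.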
