Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA and Cisco VPN question

I am having an issue on a new ASA. I am able to connect to the customer?s network using the Cisco VPN client, but I am not able to PING or access anything on the customers network. What needs to be done to fix this???

There is a route on the customer?s router pointing back to the firewall for the IP range you get when you VPN in?

Thanks,

Chris

2 ACCEPTED SOLUTIONS

Accepted Solutions
Green

Re: ASA and Cisco VPN question

try adding to ASA...this is disabled by default

isakmp nat-traversal

Green

Re: ASA and Cisco VPN question

Thanks, please rate.

No, it is needed for pix as well. ASA 7.2, the command is "crypto isakmp nat-traversal".

It is necessary if vpn client is connecting behind nat. Allows ipsec to be encapsulated in udp port 4500. The transport tab I mentioned is in the connection entry properties, if you click modify. You will see enable transparent tunneling over udp.

6 REPLIES
Green

Re: ASA and Cisco VPN question

The config of the ASA would help. Without the config we can only guess, usually this is a nat-t issue. Make sure in vpn client config on the transport tab that you have "Enable transparent tunneling" checked.

New Member

Re: ASA and Cisco VPN question

I have attached the config for the ASA.

I don't see a transport tab on my VPN client...

Thanks,

Chris

Green

Re: ASA and Cisco VPN question

try adding to ASA...this is disabled by default

isakmp nat-traversal

New Member

Re: ASA and Cisco VPN question

That fixed it! You are the man!!

Is this something new you have to do for the ASA?

Thanks again,

Chris

Green

Re: ASA and Cisco VPN question

Thanks, please rate.

No, it is needed for pix as well. ASA 7.2, the command is "crypto isakmp nat-traversal".

It is necessary if vpn client is connecting behind nat. Allows ipsec to be encapsulated in udp port 4500. The transport tab I mentioned is in the connection entry properties, if you click modify. You will see enable transparent tunneling over udp.

New Member

Re: ASA and Cisco VPN question

I understand now...

Thank you very much for all of your help with this!!!!

121
Views
0
Helpful
6
Replies