
New Member

Can connect to IPSec VPN but can't see internal network

I have several users that can connect to our VPN using IPSec on a 5505. I have one user that can connect, but cannot see the internal network. This user is using DSL with a SpeedStream 4100. However, I have another user with the same setup that can connect and see the internal network. The logs in ASDM show the connection, but don't seem to show any errors when trying to access internal. Any help will be greatly appreciated. Thanks, Bill.


7 REPLIES

Re: Can connect to IPSec VPN but can't see internal network

Are you using split tunneling/local lan access?

Are both clients seeing the same routes in their VPN Client >> Routes window?

Have you tried to compare the 'route print' output of both machines after the VPN has been established?

Are both machines using the same OS/patch level?

Regards

Farrukh

New Member

Re: Can connect to IPSec VPN but can't see internal network

Using split tunneling. Can't get local LAN access to work on client side even if checked on the transport tab.

It only shows 0.0.0.0 0.0.0.0 for network/subnet under secured routes.

I will check the route print stats.

Same OS and patch levels.

Thanks,

bill

Re: Can connect to IPSec VPN but can't see internal network

Please have a look at the following two links. Please note you can use only ONE of them at a time:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

Your output should match the VPN Client >> Statistics >> Route details mentioned on these links, based on what you want to configure (Local LAN OR Split-tunneling).

Regards

Farrukh

New Member

Re: Can connect to IPSec VPN but can't see internal network

Now I have set up another user, and the same thing happens. Connection established, but no access to internal net. I have three users who can access internal net and two that cannot. Can you please take a look at my config and see if there is anything wrong? Thanks, Bill

Green

Re: Can connect to IPSec VPN but can't see internal network

Add..

crypto isakmp nat-traversal

New Member

Re: Can connect to IPSec VPN but can't see internal network

crypto isakmp nat-traversal worked for one user, and I am going to try the other.

But does this pose any security risks?

Re: Can connect to IPSec VPN but can't see internal network

No, it does not. It just negotiates to see if there is any NAT in the transit path (by using HASH values); if the hashes are not equal, it encapsulates the IPSEC traffic inside UDP 4500. The VPN is still as secure as it is before.

Regards

Farrukh
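The hash comparison described in the reply above, as an added example that is not part of the original thread and is not Cisco's code. It follows the NAT-D payload definition in RFC 3947, HASH(CKY-I | CKY-R | IP | Port); the cookies, addresses, ports and the choice of SHA-1 as the negotiated hash are constructed sample values.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, alg="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes each")
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(alg, data).digest()

def detect_nat(cky_i, cky_r, sent_src, sent_dst, seen_src, seen_dst):
    """Receiver-side check.

    sent_*: (ip, port) pairs the sender hashed into its NAT-D payloads.
    seen_*: (ip, port) pairs the receiver reads from the arriving packet.
    A mismatch means a device in the path rewrote that address or port.
    """
    return {
        "sender_behind_nat":
            nat_d_hash(cky_i, cky_r, *sent_src) != nat_d_hash(cky_i, cky_r, *seen_src),
        "receiver_behind_nat":
            nat_d_hash(cky_i, cky_r, *sent_dst) != nat_d_hash(cky_i, cky_r, *seen_dst),
    }

def ipsec_transport(result):
    """Encapsulation used for protected traffic once detection is done."""
    if result["sender_behind_nat"] or result["receiver_behind_nat"]:
        return "ESP in UDP/4500"
    return "ESP (IP protocol 50)"

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("a1a2a3a4a5a6a7a8")
ASA = ("198.51.100.1", 500)          # VPN headend
CLIENT_LAN = ("192.168.1.50", 500)   # client's private address behind a DSL router
CLIENT_WAN = ("203.0.113.7", 1024)   # what the headend sees after translation

# Client behind a NAT device: the source hash no longer matches.
NATTED = detect_nat(CKY_I, CKY_R, CLIENT_LAN, ASA, CLIENT_WAN, ASA)
# Client with a routable address: both hashes match, plain ESP is used.
DIRECT = detect_nat(CKY_I, CKY_R, CLIENT_WAN, ASA, CLIENT_WAN, ASA)

if __name__ == "__main__":
    print("NATed client :", NATTED, "->", ipsec_transport(NATTED))
    print("Direct client:", DIRECT, "->", ipsec_transport(DIRECT))
```

The hashes only reveal whether an address or port was rewritten in transit; the ESP payload carried inside UDP 4500 is protected exactly as it would be without the wrapper.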
