Cisco Support Community

Client VPN to ASA


This is my first try to terminate the VPN client at the ASA. I am able to authenticate, but no packets are decrypted/received. Config is below; any pointers are appreciated.

access-list NONAT extended permit ip

access-list 100 extended permit icmp any any echo-reply

ip local pool ADPOOL

global (outside) 1 interface

nat (dmz) 0 access-list NONAT

nat (dmz) 1

access-group 100 in interface outside

route outside 0.x.x.x.x.123.111 1

group-policy PIXENTRY internal

group-policy PIXENTRY attributes

vpn-idle-timeout 20


username xxx password xxx encrypted


authentication linkup linkdown coldstart

crypto ipsec transform-set TRANS esp-3des esp-md5-hmac

crypto dynamic-map DYN 1 set transform-set TRANS

crypto map MAP 10 ipsec-isakmp dynamic DYN

crypto map MAP interface outside

isakmp enable outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy 1 lifetime 86400

tunnel-group PIXENTRY type ipsec-ra

tunnel-group PIXENTRY general-attributes

address-pool ADPOOL

tunnel-group PIXENTRY ipsec-attributes

pre-shared-key *


Re: Client VPN to ASA

If you are able to authenticate but nothing else, then it could be NAT traversal if your VPN client is behind a router doing NAT.

You need to enable NAT traversal on the ASA. This is disabled by default:

isakmp nat-traversal 30

Please rate if you find this useful.
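
An offline check for the situation in this thread, added here as an example and not part of either poster's text or any Cisco tool: it looks for a remote-access tunnel-group with no NAT traversal line and reads the packet counters from `show crypto ipsec sa`. The sample config and counter output are constructed, the function names are hypothetical, and it assumes a release where NAT-T is off unless the line is present, as the reply states.

```python
import re

# Constructed sample: remote-access config in the style of the post (no NAT-T line).
SAMPLE_CONFIG = """\
crypto dynamic-map DYN 1 set transform-set TRANS
crypto map MAP 10 ipsec-isakmp dynamic DYN
crypto map MAP interface outside
isakmp enable outside
tunnel-group PIXENTRY type ipsec-ra
"""

# Constructed sample of the counter lines printed by "show crypto ipsec sa".
SAMPLE_SA = """\
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

# Matches "isakmp nat-traversal 30" and the later "crypto isakmp nat-traversal" form;
# a "no ..." line does not match because the pattern is anchored at the start.
NAT_T = re.compile(r"^(crypto )?isakmp nat-traversal( \d+)?$")
RA_GROUP = re.compile(r"^tunnel-group \S+ type (ipsec-ra|remote-access)$")

def nat_t_enabled(config):
    return any(NAT_T.match(line.strip()) for line in config.splitlines())

def has_remote_access_group(config):
    return any(RA_GROUP.match(line.strip()) for line in config.splitlines())

def sa_counters(sa_output):
    """Sum each '#pkts <name>: <n>' counter across all SAs in the output."""
    counts = {}
    for name, value in re.findall(r"#pkts (\w+): (\d+)", sa_output):
        counts[name] = counts.get(name, 0) + int(value)
    return counts

def diagnose(config, sa_output):
    findings = []
    if has_remote_access_group(config) and not nat_t_enabled(config):
        findings.append("remote-access tunnel-group present, NAT traversal not enabled")
    counts = sa_counters(sa_output)
    if counts and counts.get("decaps", 0) == 0:
        findings.append("SA exists but 0 packets decapsulated on the ASA")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONFIG, SAMPLE_SA):
        print(finding)
```
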


Re: Client VPN to ASA

Thanks! This solved my problem!!!
