Client VPN to ASA

Shervan Singh
Level 1

Hello

This is my first try to terminate the VPN client at the ASA. I am able to authenticate, but no packets are decrypted/received. Config is below; any pointers are appreciated.

access-list NONAT extended permit ip 172.16.0.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list 100 extended permit icmp any any echo-reply

ip local pool ADPOOL 172.16.0.0-172.16.0.50

global (outside) 1 interface

nat (dmz) 0 access-list NONAT

nat (dmz) 1 192.168.50.0 255.255.255.0

access-group 100 in interface outside

route outside 0.0.0.0 0.x.x.x.x.123.111 1

group-policy PIXENTRY internal

group-policy PIXENTRY attributes

vpn-idle-timeout 20

webvpn

username xxx password xxx encrypted

encrypted

authentication linkup linkdown coldstart

crypto ipsec transform-set TRANS esp-3des esp-md5-hmac

crypto dynamic-map DYN 1 set transform-set TRANS

crypto map MAP 10 ipsec-isakmp dynamic DYN

crypto map MAP interface outside

isakmp enable outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy 1 lifetime 86400

tunnel-group PIXENTRY type ipsec-ra

tunnel-group PIXENTRY general-attributes

address-pool ADPOOL

tunnel-group PIXENTRY ipsec-attributes

pre-shared-key *

2 Replies

Fernando_Meza
Level 7

If you are able to authenticate but nothing else, then it could be NAT traversal if your VPN client is behind a router doing NAT.

You need to enable NAT traversal on the ASA. This is disabled by default:

isakmp nat-traversal 30

Please rate if you find this useful.

Thanks! This solved my problem!!!
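
The check behind the reply above, as an added example that is not part of the original thread: a Python sketch that reads an ASA configuration and flags an IPsec remote-access setup that has no `isakmp nat-traversal` line. The sample lines are copied from the question; the function names and the `crypto isakmp` / `remote-access` spellings accepted alongside the thread's syntax are assumptions added here.

```python
import re

# Constructed sample: VPN-related lines copied from the configuration in the question.
SAMPLE_CONFIG = """\
crypto dynamic-map DYN 1 set transform-set TRANS
crypto map MAP 10 ipsec-isakmp dynamic DYN
crypto map MAP interface outside
isakmp enable outside
tunnel-group PIXENTRY type ipsec-ra
"""

def _matches(pattern, lines):
    """Return the match objects for every line that fully matches pattern."""
    return [m for ln in lines if (m := re.fullmatch(pattern, ln))]

def audit_nat_traversal(config):
    """Flag an ASA config that terminates IPsec remote-access clients
    without NAT traversal (ESP encapsulated in UDP/4500)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Drop negated commands so "no isakmp nat-traversal" does not count as enabled.
    active = [ln for ln in lines if not ln.startswith("no ")]

    groups = [m.group(1) for m in _matches(
        r"tunnel-group (\S+) type (?:ipsec-ra|remote-access)", active)]
    ike = {m.group(1) for m in _matches(r"(?:crypto )?isakmp enable (\S+)", active)}
    maps = {m.group(1) for m in _matches(r"crypto map \S+ interface (\S+)", active)}
    natt = _matches(r"(?:crypto )?isakmp nat-traversal(?: (\d+))?", active)

    vpn_ifaces = sorted(ike & maps)  # IKE enabled and a crypto map bound
    keepalive = int(natt[0].group(1)) if natt and natt[0].group(1) else None
    return {
        "remote_access_groups": groups,
        "vpn_interfaces": vpn_ifaces,
        "nat_traversal": bool(natt),
        "keepalive_seconds": keepalive,  # None: not set, or device default in use
        "finding": bool(groups and vpn_ifaces and not natt),
    }

if __name__ == "__main__":
    print("as posted:", audit_nat_traversal(SAMPLE_CONFIG))
    print("with fix: ", audit_nat_traversal(SAMPLE_CONFIG + "isakmp nat-traversal 30\n"))
```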