04-24-2006 01:44 PM - edited 02-21-2020 02:22 PM
Hello
This is my first try to terminate the VPN client at the ASA. I am able to authenticate, but no packets are decrypted/received. Config is below; any pointers are appreciated.
access-list NONAT extended permit ip 172.16.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list 100 extended permit icmp any any echo-reply
ip local pool ADPOOL 172.16.0.0-172.16.0.50
global (outside) 1 interface
nat (dmz) 0 access-list NONAT
nat (dmz) 1 192.168.50.0 255.255.255.0
access-group 100 in interface outside
route outside 0.0.0.0 0.x.x.x.x.123.111 1
group-policy PIXENTRY internal
group-policy PIXENTRY attributes
vpn-idle-timeout 20
webvpn
username xxx password xxx encrypted
encrypted
authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS esp-3des esp-md5-hmac
crypto dynamic-map DYN 1 set transform-set TRANS
crypto map MAP 10 ipsec-isakmp dynamic DYN
crypto map MAP interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
tunnel-group PIXENTRY type ipsec-ra
tunnel-group PIXENTRY general-attributes
address-pool ADPOOL
tunnel-group PIXENTRY ipsec-attributes
pre-shared-key *
04-24-2006 11:53 PM
If you are able to authenticate but nothing else, then it could be NAT traversal if your VPN client is behind a router doing NAT.
You need to enable NAT traversal on the ASA. This is disabled by default:
isakmp nat-traversal 30
Please rate if you find this useful.
06-14-2006 01:50 AM
Thanks! This solved my problem!!!
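An added example, not part of the thread and not Cisco tooling: a Python check that flags an ASA config which terminates remote-access IPsec without NAT traversal enabled, the condition the reply above identifies. The sample config is constructed from lines in the question; accepting the later `crypto isakmp` and `type remote-access` spellings is an assumption beyond what the thread shows.

```python
import re

# Constructed sample: the remote-access lines from the question's config.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TRANS esp-3des esp-md5-hmac
crypto dynamic-map DYN 1 set transform-set TRANS
crypto map MAP 10 ipsec-isakmp dynamic DYN
crypto map MAP interface outside
isakmp enable outside
tunnel-group PIXENTRY type ipsec-ra
"""

# Assumption: later-release spellings are accepted alongside the thread's syntax.
NATT_RE = re.compile(r"^(no\s+)?(?:crypto\s+)?isakmp\s+nat-traversal(?:\s+(\d+))?\s*$")
RA_RE = re.compile(r"^tunnel-group\s+(\S+)\s+type\s+(?:ipsec-ra|remote-access)\s*$")
DYN_RE = re.compile(r"^crypto\s+map\s+\S+\s+\d+\s+ipsec-isakmp\s+dynamic\s+\S+\s*$")


def audit_nat_traversal(config_text):
    """Report whether remote-access IPsec is configured and NAT-T is enabled."""
    ra_groups, dynamic_map, natt_enabled, keepalive = [], False, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = RA_RE.match(line)
        if m:
            ra_groups.append(m.group(1))
        elif DYN_RE.match(line):
            dynamic_map = True
        else:
            m = NATT_RE.match(line)
            if m:
                # The last matching line wins, so a later "no" form disables NAT-T.
                natt_enabled = m.group(1) is None
                keepalive = int(m.group(2)) if natt_enabled and m.group(2) else None
    remote_access = bool(ra_groups) or dynamic_map
    finding = None
    if remote_access and not natt_enabled:
        finding = ("remote-access IPsec is configured but NAT traversal is not enabled; "
                   "clients behind NAT/PAT can complete IKE yet pass no ESP traffic")
    return {"remote_access_groups": ra_groups, "nat_traversal": natt_enabled,
            "keepalive": keepalive, "finding": finding}


if __name__ == "__main__":
    print(audit_nat_traversal(SAMPLE_CONFIG)["finding"])
    print(audit_nat_traversal(SAMPLE_CONFIG + "isakmp nat-traversal 30\n"))
```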