We have a VPN 3005 Concentrator, running ver. 4.7. The user was able to login through the Cisco VPN client. However, when I looked at the Monitoring, Sessions, under Remote Access Sessions, Bytes Tx/Bytes RX. The Bytes are zeros. Does it mean there is no communication between the workstation and the VPN Concentrator? After a few minutes, the VPN Client is disconnected. Could it be that the firewall at the workstation is being blocked? Is there a way to troubleshoot this type of problem when the Bytes Transmitted and received are zeros? Thanks.
when you click the session under Remote Access Sessions, do you see an IPSec SA established?
we would need some logs from the 3000 for further troubleshotting the issue:
1. Goto Configuration->System->Events->Classes, add IKE, IKEDBG, IKEDECODE, IPSEC, IPSECDBG and IPSECDECODE with sevirities from 1-9 under events to log.
2. Goto Monitoring->Live Event Log and collect the logs and see whether Phase 2 COmpleted message appears or not.
if the phase 2 is complete then you have to check whether you can first ping the vpn client IP from the concentrator itself, if not try adding a static route for the client pool pointing to your default gateway of the 3000.
check whether vpn client pool is not conflicting with any other ipsec tunnel?
also check for routing behind 3000. there can be a firewall issue on the client side as well but you should be able to initiate traffic from the vpn client though.
paste the log here if you are not able to look into it and I can help you.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...