Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client connects successful but does not receive any Bytes

Hello experts,

My notebook with the VPN-Client connects successfully to the Easy VPN Server, a PIX Firewall 501.

But that is all. I cannot connect to any host behind the firewall. I have to start a Terminal services client and logon to the local Domain behind the firewall.

I carefully examined the example in Chapter 8 of the PIX manual "Managing VPN Remote Access".

And those are the differences:

1. In the manual there is an Access-List defined

access-list in_out_nat0_acl permit ip

( is the network address of the inside interface and 192.168.20.x is the address-room the vpn-client gets).

I do not have such an access-list definition, but a very similar one:

access-list outside_cryptomap_dyn_20 permit ip any

And this access-list is attached to a dynamic crypto-map via ...

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

... and the dynamic map is attached to a static map via ...

crypto map outside_map 65535 ipsek-isakmp dynamic outside_dyn_map

I think that the effect of the access-list-definition is the same as this of the manuals example?

2. I only have ONE nat statement:

nat (inside) 1 0 0

But in the manual there is another statement:

nat (inside) 0 access-list in_out_nat0_acl

Is this statement the lacking one?

3. I do not have a ...

isakmp key <VPN-Client-Password>

... but i have the following statement:

vpngroup VPN_Group_Name password <VPN-Client-Password>

.. and i think, this is the same, isn't it?

4. I do not have the following three statements:

vpngroup VPN_Group_Name dns-server

vpngroup VPN_Group_Name wins-server

vpngroup VPN_Group_Name default domain

... because i want the VPN Client to connect the Internet in parallel to the VPN Client at the remote site.

Therefore i defined an

access-list splitTunnelACL permit ip any

and attached it via ...

vpngroup VPN_Group_Name split-tunnel splitTunnelACL


No when i open the statistics screen after being connected via VPN Client and after calling the MS Terminalservices Client and trying to connect to, i see

Received Bytes: 0

Sent Bytes: 1406

Local LAN: Disabled ????

And the "Rote Details" page shows NO Local LAN Routes but the one Secured route

And the VPN -Adapter has no default gateway, but the local LAN of the notebook still has the local default gateway ( at the moment)

Can anyone out there tell me, what is wrong here?




Re: VPN Client connects successful but does not rece

Hi Richard,

Lookng at your posting I see one problem, the lack of a NAT 0 statement.

This entry is used to exclude the packets from your internal network back to the client from the NAT process. In your case these packets are being natted and passed out to the Internet not back down the tunnel. This why the client stats show 0 received bytes.

So, what is the address pool range you have defined?

Its this range that needs to go in the NAT 0 ACL.

access-list NAT0-ACL permit ip any

nat (inside) 0 access-list NAT0-ACL

Hope this helps,


New Member

Re: VPN Client connects successful but does not rece

YES IT HELPED !!!!!!!!!!!!!!

I thank you so much for your help.

The problem is solved!!!!

Thank you again!!!!!

Yours truly,


CreatePlease login to create content