Solved: Re: VPN client connects but no IP traffic is being passed...

nick.helms · ‎05-08-2006

I have a user in a hotel, his laptop has been working fine on remote connections previously, he gets the padlock when he connects but no IP traffic is being passed. If he pings he gets "host unreachable". I'm thinking he is behind a hotel firewall but anything else I can check to confirm? I was going to make the newest client available to him via download (internet access works fine), he's running a 4.7 version. I've also tested his connection profile on an a test box and it worked fine.

Fernando_Meza · ‎05-08-2006

mm ... if he is able to authenticate then I don't think it coulkd be blocked .. double check you are using have nat traversal enabled on your PIX ..

isakmp nat-traversal 20

I hope it helps ... please rate it if it does !!!

View solution in original post

m.sir · ‎05-08-2006

Iam affraid problem is on hotels firewall. He needs to have open UDP ports 500 a 4500 and ESP protocol (number 50)..

Fernando_Meza · ‎05-08-2006

mm ... if he is able to authenticate then I don't think it coulkd be blocked .. double check you are using have nat traversal enabled on your PIX ..

isakmp nat-traversal 20

I hope it helps ... please rate it if it does !!!

nick.helms · ‎05-09-2006

That fixed it, thanks!

yakspeaks · ‎05-10-2006

I have a similiar issue with 2 users who use VPN V4.0.4 for two users in Canada. They are able to authenticate into our domain but cannot access any of our servers, and network drives. They are able to gain access to other websites; just not our network resources. Will this help?

yakspeaks · ‎05-10-2006

Update,

I was able to connect onto the machines remotely. I verified that they received our ip/dns... but could not get to our network exchange server or portal. The firewall was off and we do not run PIX on our side.

Fernando_Meza · ‎05-10-2006

mmm .. are you saying that those users do or don't have cisco vpn client v.4 XX..?

Are you saying that you do or don't use a PIX to terminate those remote connections ..?

If you don't use a PIX .. what device do you use for terminating the VPN connections ..?

alouette · ‎06-27-2007

Hi have the same problem but im using a VPN3000. I not hable to put thiscommand:isakmp nat-traversal 20

hholtzclaw · ‎07-02-2007

I have a similar issue. I have a vendor that is using client 4.8.0 and has no issues connecting to our 3005 concentrator. However, when he connects to our new asa5520 (from his office) he gets a connection, but can't ping or RD to the servers. The real strange part is if he takes his laptop home, he can connect to the asa5502 and use RD to the servers. Any suggestions will be appriciated.

acomiskey · ‎07-02-2007

hholtzclaw, probably same issue as fernando mentioned earlier in the post. Enable nat-t.

isakmp nat-traversal or

crypto isakmp nat-traversal

jason.tam · ‎07-05-2007

Try adding this on your pix.

fixup protocol esp-ike

jason.tam · ‎07-06-2007

This explains it in more details..

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K18056497