Cisco Support Community

New Member

VPN VPN Client tunnel established but no decrypted packets on client

I have one VPN client who is unable to pass any traffic. All other users are fine.

- The VPN is established.

- On the ASA I can see packets being encrypted and decrypted.

- On the client I see packets being encrypted but zero packets being decrypted.

- I have checked the 2 DHCP addresses being assigned to the client: 1 is a 10.0.0.0 address from his broadband router and the other is a 192.168. address from the ASA VPN IP pool of addresses.

Any ideas as I am completely stumped!

Cisco Employee

Re: VPN VPN Client tunnel established but no decrypted packets o

Daniel,

First and foremost, have this specific VPN User connect to your VPN Server using a dial up. If the user is able to access your LAN through the VPN Tunnel, then we know for sure that there is nothing wrong with the VPN Client, PC and the VPN Server Configuration.

Then, have the same user connect through the broadband router. If you see encrypts on the client side and encrypts/decrypts on the VPN Server, then most likely there is a firewall that is blocking traffic.

Is the user using IPSEC, IPSEC Over UDP or IPSEC Over TCP? If IPSEC, then Protocol 50 is most likely blocked by a firewall. If IPSEC Over TCP or IPSEC Over UDP, then check with the user's ISP to make sure that UDP Port 10000 or TCP Port 4500 is not blocked.

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: VPN VPN Client tunnel established but no decrypted packets o

The issue was the ASA did not have IPSEC over NAT enabled. All working now. Thanks for the help.

Cisco Employee

Re: VPN VPN Client tunnel established but no decrypted packets o

Daniel,

Thanks for the update! Glad it's working.

Regards,

Arul

New Member

Re: VPN VPN Client tunnel established but no decrypted packets o

One thing to check is that NAT-T is enabled. A symptom we have seen is that the tunnel can be established but the client cannot decrypt traffic. Sometimes this problem resolves itself after 180 seconds and packets start to get decrypted at the client. If we enable NAT-T this problem gets resolved immediately.
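Added example, not part of the thread or any poster's code: a small Python classifier for raw IPv4 packets from a client-side capture that tells native ESP (IP protocol 50) apart from NAT-T traffic, to confirm the symptom discussed above. It assumes standard NAT-T as in RFC 3948 (UDP 4500) and does not cover Cisco's proprietary IPsec over UDP/TCP; the helper names, addresses, SPI and packets are constructed for illustration.

```python
import struct
from collections import Counter

def ipv4(proto, payload, src="10.0.0.5", dst="203.0.113.10"):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(pkt):
    """Return how one raw IPv4 packet carries IPsec traffic."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, body = pkt[9], pkt[ihl:]
    if proto == 50:
        return "esp-native"        # no ports, so a PAT router has little to map on
    if proto != 17 or len(body) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", body[:4])
    data = body[8:]
    if 500 in (sport, dport):
        return "ike"
    if 4500 in (sport, dport):     # RFC 3948 NAT-T port
        if data == b"\xff":
            return "natt-keepalive"
        if data[:4] == b"\x00" * 4:
            return "ike-natt"      # non-ESP marker precedes the IKE header
        return "esp-in-udp"
    return "other"

def diagnose(sent, received):
    """Heuristic verdict from client-side captures of each direction."""
    out, inn = Counter(map(classify, sent)), Counter(map(classify, received))
    if out["esp-native"] and not (inn["esp-native"] or inn["esp-in-udp"]):
        return "native ESP leaves, none returns: check NAT-T on the gateway"
    if out["esp-in-udp"] and inn["esp-in-udp"]:
        return "NAT-T in use in both directions"
    return "inconclusive"

# Constructed sample captures (addresses, SPI and payloads are made up).
GW, PC = "203.0.113.10", "10.0.0.5"
ESP = struct.pack("!II", 0x1A2B3C4D, 1) + bytes(16)
IKE = bytes(28)
SENT_BROKEN = [ipv4(17, udp(500, 500, IKE)), ipv4(50, ESP)]
RECV_BROKEN = [ipv4(17, udp(500, 500, IKE), GW, PC)]
SENT_FIXED = [ipv4(17, udp(4500, 4500, bytes(4) + IKE)), ipv4(17, udp(4500, 4500, ESP))]
RECV_FIXED = [ipv4(17, udp(4500, 4500, ESP), GW, PC)]
```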
