Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.


VPN Client work or doesnt work, Weird!!!


ASA5520 7.2

We have some users complaint that they can login by using VPN Cleint, but they could not access inside network at all.

I tested myself to use my home cable modem network, I can log in, but could not access network.

However, I use Verizon wireless card, it works.

We even try to use different ISP at ASA, it still have same result.

Anyone has idea???


Re: VPN Client work or doesnt work, Weird!!!


Did you check about the ip address allocation with different login ?

Also can you post out the config here ...


New Member

Re: VPN Client work or doesnt work, Weird!!!


I have a similar problem. I have a feeling its to do with routing?

I have a cisco vpn client(ver., sitting on a remote DSL network. When the user initiates the connection to the ASA, they get a login as expected and that all works. But when they begin to use the VPN for internal access to the network behind the ASA, nothing works? Pings time out, and tracert to something behind the ASA dies after 10 hops, finding nothing. I think the packets are not going through the VPN tunnel due to routing? I.e. the packets are going out to the internet and obviously being lost?]

Can someone help?


New Member

Re: VPN Client work or doesnt work, Weird!!!


I faced the same problem. The only solution "for the time being" is to switch to IPSec over TCP instead of the default IPSec over UDP.

you can do that when you:

- right-click on your connection entry

- go to the transport tab

- click on IPSec over TCP



Re: VPN Client work or doesnt work, Weird!!!


if you are using AH, automaticaly nat will break it does not work!!

go with ESP in your transform-set, but if you are using PAT even ESP will not work since it have no port in its header, u can use IPSEC with TCP or UDP . the port i think 10000 the default.

if a problem of routing you have to implement RRI , reverse route injection which help the easyVPN server in this case the ASA to add entries for the EASYVPN remotes that are in this case VPN CLIENT software.

do a lookup in he subject RRI.


please do rate if it does clarify

New Member

Re: VPN Client work or doesnt work, Weird!!!

Have you tried reducing the clients MTU to a lower value. We used the 1300 value under the Cisco VPN client for set MTU.