Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
5
Helpful
5
Replies

VPN Client work or doesnt work, Weird!!!

jolo07310
Level 5
Level 5

‎12-18-2006 07:31 PM

Hi,

ASA5520 7.2

We have some users complaint that they can login by using VPN Cleint, but they could not access inside network at all.

I tested myself to use my home cable modem network, I can log in, but could not access network.

However, I use Verizon wireless card, it works.

We even try to use different ISP at ASA, it still have same result.

Anyone has idea???

Labels:
0 Helpful
5 Replies 5

spremkumar
Level 9
Level 9

‎12-18-2006 11:04 PM

Hi

Did you check about the ip address allocation with different login ?

Also can you post out the config here ...

regds

0 Helpful

genalysis
Level 1
Level 1
In response to spremkumar

‎12-19-2006 08:56 PM

Hi,

I have a similar problem. I have a feeling its to do with routing?

I have a cisco vpn client(ver. 4.8.01.0300), sitting on a remote DSL network. When the user initiates the connection to the ASA, they get a login as expected and that all works. But when they begin to use the VPN for internal access to the network behind the ASA, nothing works? Pings time out, and tracert to something behind the ASA dies after 10 hops, finding nothing. I think the packets are not going through the VPN tunnel due to routing? I.e. the packets are going out to the internet and obviously being lost?]

Can someone help?

Greg.

0 Helpful

alhazmi
Level 1
Level 1
In response to genalysis

‎12-20-2006 03:50 PM

hi..

I faced the same problem. The only solution "for the time being" is to switch to IPSec over TCP instead of the default IPSec over UDP.

you can do that when you:

- right-click on your connection entry

- go to the transport tab

- click on IPSec over TCP

Hani.

0 Helpful

kamal-learn
Level 4
Level 4

‎12-20-2006 06:38 PM

hi

if you are using AH, automaticaly nat will break it does not work!!

go with ESP in your transform-set, but if you are using PAT even ESP will not work since it have no port in its header, u can use IPSEC with TCP or UDP . the port i think 10000 the default.

if a problem of routing you have to implement RRI , reverse route injection which help the easyVPN server in this case the ASA to add entries for the EASYVPN remotes that are in this case VPN CLIENT software.

do a lookup in he subject RRI.

HTH

please do rate if it does clarify

jmaness
Level 1
Level 1

‎12-21-2006 07:27 AM

Have you tried reducing the clients MTU to a lower value. We used the 1300 value under the Cisco VPN client for set MTU.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents