Recently set up an ASA 5505 as firewall and Easy VPN server. Everything seems to be fine except that remote VPN users can't ping any users on the local LAN. Their Internet connection, by the way, is static PPPoE and no default gateway was given by the ISP. Internet connection is fine though. Checking routing tables after establishing VPN shows a route towards the remote VPN users. One more thing: "show isakmp sa" shows no decaps occurring, only encaps. Have attached the config for reference. Any advice is really appreciated.
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
sysopt connection permit-vpn
Can you please attach the show tech so that we can take a look at the IPsec SA?
Also, can you check in the VPN client routing table whether you see the routes, and do you see any packets transmitted in the statistics on the VPN client?
You can also check with your ISP in case they have port 4500 blocked in one direction.
As additional troubleshooting, you can run Wireshark on your PC and see if your PC is getting and sending packets on 4500, and you can also apply captures on the firewall outside interface and see whether you are receiving and sending data on port 4500.
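The direction check suggested above can be scripted once a capture has been exported as text. The following is an added example, not part of the original thread: it assumes tcpdump-style lines (`src.port > dst.port: udp <len>`), and the addresses and the sample capture are constructed for illustration. It ignores 1-byte NAT-T keepalives so that a peer sending only keepalives is still reported as one-way.

```python
import re
from collections import Counter

NAT_T_PORT = 4500

# Constructed sample, not output from the poster's firewall.
# 198.51.100.10 stands in for the ASA outside address,
# 203.0.113.25 and 203.0.113.77 for two remote VPN clients.
SAMPLE_CAPTURE = """\
1: 10:15:01.100 198.51.100.10.4500 > 203.0.113.25.4500: udp 132
2: 10:15:02.100 198.51.100.10.4500 > 203.0.113.25.4500: udp 132
3: 10:15:02.900 203.0.113.25.4500 > 198.51.100.10.4500: udp 1
4: 10:15:03.200 198.51.100.10.4500 > 203.0.113.77.4500: udp 116
5: 10:15:03.250 203.0.113.77.4500 > 198.51.100.10.4500: udp 116
6: 10:15:04.100 198.51.100.10.4500 > 203.0.113.25.4500: udp 148
7: 10:15:05.000 203.0.113.25.500 > 198.51.100.10.500: udp 84
"""

LINE_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):\s+udp\s+(\d+)"
)

def natt_direction_counts(capture_text, local_ip):
    """Count UDP/4500 data packets per (peer, direction) as seen from local_ip."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport, length = m.groups()
        if NAT_T_PORT not in (int(sport), int(dport)):
            continue  # e.g. IKE on UDP 500, not NAT-T traffic
        if int(length) == 1:
            continue  # NAT-T keepalive (single 0xFF byte), carries no ESP data
        if src == local_ip:
            counts[(dst, "sent")] += 1
        elif dst == local_ip:
            counts[(src, "received")] += 1
    return counts

def one_way_peers(capture_text, local_ip):
    """Return peers with NAT-T data flowing in only one direction."""
    counts = natt_direction_counts(capture_text, local_ip)
    result = {}
    for peer in {p for p, _ in counts}:
        sent, received = counts[(peer, "sent")], counts[(peer, "received")]
        if sent and not received:
            result[peer] = "sent only"
        elif received and not sent:
            result[peer] = "received only"
    return result

if __name__ == "__main__":
    print(one_way_peers(SAMPLE_CAPTURE, "198.51.100.10"))
```

A peer reported as "sent only" at the firewall's outside interface matches the encaps-without-decaps symptom and points at the return path (client, ISP filtering, or NAT device) rather than at the firewall's crypto configuration.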