Community Member

Cisco VPN Client to ASA 5505 with Cisco 1841 Router

Hello. I am trying to make a connection between a Cisco VPN client software and a VPN server on an ASA 5505 behind a 1841 router (internet ADSL2+ and NAT router).

My topology is almost as follows:

client-----tunnel-----1841---ASA---PC's

ASA is the VPN termination device (outside interface). I forward port 500 and 4500 UDP on my router to the ASA and the tunnel comes up. I have exempted NAT'ting both on the ASA and the router for the IPs in the VPN DHCP pool. I can connect to my tunnel but I cannot "see" anything in the internal network. I have permitted all traffic from the outside to the inside sourcing from the VPN IP pool and still I send packages through the tunnel and I get nothing. I take a look at the statistics on the VPN client and I have 2597 bytes out (ping traffic) and there are no bytes in. Any idea?

Accepted Solutions

Re: Cisco VPN Client to ASA 5505 with Cisco 1841 Router

Were you connected when you took the "show crypto ipsec sa"? If not, then try it again. Also, this option enables IPsec over UDP 4500 and it is disabled; please enable it:

crypto isakmp nat-traversal

Just enter the command as it is, then try to connect again after enabling this option and get the same show output.

5 REPLIES

Re: Cisco VPN Client to ASA 5505 with Cisco 1841 Router

Depending on the ASA version you have, NAT-T will be enabled or not; if you are running 8.0.4 then it should be, if not then try to enable it. Also please get the show run and the show crypto ipsec sa from your ASA and post it here. When your client is connected, please check whether transparent tunneling is active and what port it is working on.

Community Member

Re: Cisco VPN Client to ASA 5505 with Cisco 1841 Router

You can find the sh run output attached. As for IPsec SAs, it says there are no SAs.

Community Member

Re: Cisco VPN Client to ASA 5505 with Cisco 1841 Router

crypto isakmp nat-traversal

Had done the "dirty" job. It pings and works fine now. Thanks a lot.

Cisco Employee

Re: Cisco VPN Client to ASA 5505 with Cisco 1841 Router

Enable 'management-access inside' on the ASA, and see if you can ping the inside interface of the ASA.

Is the ASA the default gateway for your internal devices? Is the ASA's internal interface on the same network that you are trying to get to?

Please enable logging:

logging buffered 6

Connect using the VPN client, then try accessing some resource. See if anything shows up in the log for denied traffic.
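
With NAT-T enabled, IKE and ESP both travel over UDP 4500 and are told apart by the RFC 3948 framing. The following is an added example, not part of any post in this thread: it classifies UDP 4500 payloads taken from a capture and reports whether encapsulated ESP flows in both directions. The function names and sample payloads are constructed for illustration.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: four zero bytes precede IKE on UDP 4500
IKE_HEADER_LEN = 28            # fixed ISAKMP/IKE header size in bytes

def classify_udp4500(payload: bytes) -> str:
    """Return 'nat-keepalive', 'ike', 'esp' or 'malformed' for a UDP 4500 payload."""
    if payload == b"\xff":                      # one-byte NAT keepalive
        return "nat-keepalive"
    if len(payload) < 4:
        return "malformed"
    if payload[:4] == NON_ESP_MARKER:           # an SPI of zero is reserved, so this is IKE
        return "ike" if len(payload) >= 4 + IKE_HEADER_LEN else "malformed"
    # Otherwise the first 4 bytes are a non-zero ESP SPI, then a 4-byte sequence number
    return "esp" if len(payload) >= 8 else "malformed"

def esp_spi(payload: bytes) -> int:
    """SPI of a UDP-encapsulated ESP packet (payload already classified as 'esp')."""
    return struct.unpack("!I", payload[:4])[0]

def summarize(packets):
    """Count packet kinds per direction; packets is an iterable of (direction, payload)."""
    return Counter((direction, classify_udp4500(p)) for direction, p in packets)

def one_way_esp(counts) -> bool:
    """True when encapsulated ESP leaves the client but none comes back."""
    return counts[("out", "esp")] > 0 and counts[("in", "esp")] == 0

# Constructed sample payloads (not taken from the thread)
IKE = NON_ESP_MARKER + bytes(IKE_HEADER_LEN)
ESP_OUT = struct.pack("!II", 0x1A2B3C4D, 1) + bytes(32)
ESP_IN = struct.pack("!II", 0x5E6F7081, 1) + bytes(32)
CAPTURE = [("out", IKE), ("in", IKE), ("out", ESP_OUT), ("out", b"\xff"), ("out", ESP_OUT)]

if __name__ == "__main__":
    counts = summarize(CAPTURE)
    for key, n in sorted(counts.items()):
        print(key, n)
    print("one-way ESP:", one_way_esp(counts))
```

If no ESP shows up on UDP 4500 at all while the tunnel is up, the peers did not negotiate NAT-T, which is the condition `crypto isakmp nat-traversal` addresses.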
