Cisco Support Community

New Member

Only single IP can connect to resources behind VPN

Clients from a small remote office are connecting to a VPN provided by a PIX 515 using Cisco VPN Clients.

The users are locked down to accessing a single machine behind the VPN.  This has been working for years.  On Monday, users at the remote office reported that only one user could access the server.  After troubleshooting it was determined that only one IP from the remote office can connect.  Not only 1 IP at a time, but a single IP.  If another user at the office puts that IP on his computer he can now access the server behind the VPN.

All clients connect ok, but for some reason only this IP can traverse the VPN.

During debugging, show ipsec shows that the users that are not working are having problems decrypting packets:

  #pkts encaps: 8, #pkts encrypt: 8, #pkts digest: 8
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

Any thoughts?

Cisco Employee

Re: Only single IP can connect to resources behind VPN

Can you provide the show ipsec statistics of both the client and the PIX?

If the client shows encrypt, and no decrypt, and if the PIX does not show both encrypt and decrypt, and the connection is native IPsec (not using NAT transparency), then it is likely that ESP (protocol 50) is being filtered for the specific problem IP addresses.
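The check described in the reply above, written out as an added example that is not part of the original thread: it parses counter lines in the layout quoted in the question and compares them with the client's counters. The working-SA sample and the client-side values are constructed, and the function names are hypothetical.

```python
import re

# Counter lines in the layout quoted in the question (a non-working user's SA).
PIX_FAILING = """\
  #pkts encaps: 8, #pkts encrypt: 8, #pkts digest: 8
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
# Constructed sample for a working SA; the values are made up for illustration.
PIX_WORKING = """\
  #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
  #pkts decaps: 97, #pkts decrypt: 97, #pkts verify: 97
"""

COUNTER_RE = re.compile(r"#pkts (\w+):\s*(\d+)")

def parse_counters(text):
    """Return {'encaps': 8, 'encrypt': 8, ...} from '#pkts name: N' lines."""
    return {name: int(value) for name, value in COUNTER_RE.findall(text)}

def lost_directions(client, pix):
    """Directions in which one end encrypts but the other never decrypts."""
    lost = []
    if client.get("encrypt", 0) > 0 and pix.get("decrypt", 0) == 0:
        lost.append("client->pix")
    if pix.get("encrypt", 0) > 0 and client.get("decrypt", 0) == 0:
        lost.append("pix->client")
    return lost

def esp_filter_suspected(client, pix, nat_traversal):
    """Apply the reply's rule: one-way counters on a native-IPsec tunnel."""
    client_one_way = client.get("encrypt", 0) > 0 and client.get("decrypt", 0) == 0
    pix_two_way = pix.get("encrypt", 0) > 0 and pix.get("decrypt", 0) > 0
    # With NAT traversal the data is carried in UDP, so an ESP filter would not apply.
    return client_one_way and not pix_two_way and not nat_traversal

if __name__ == "__main__":
    # Hypothetical client-side counters, typed in from the client's statistics.
    client = {"encrypt": 14, "decrypt": 0}
    pix = parse_counters(PIX_FAILING)
    print(lost_directions(client, pix), esp_filter_suspected(client, pix, False))
```

Running it per affected source IP shows whether the loss is in one direction or both, which narrows down where to look for the filter.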