Cisco Support Community
Community Member

Problems with VPN from outside to inside, no NAT

Hello all!

I'm having a funny issue that I can't seem to resolve. I have an ASA 5510 configured in routed mode (no NAT). I have set up the VPN with access via software (SSL and IPsec). In both cases the client connects fine to the VPN endpoint and can ping the firewall. But the client (vpn, cannot connect to services or ping any inside hosts (trustedpc network, On the other hand, the inside network can ping the client just fine.

When I run a packet tracer I get a very uninformative response:


Phase: 6
Subtype: in
Result: DROP
Additional Information:
Forward Flow based lookup yields rule:
in  id=0xadb82170, priority=70, domain=svc-ib-tunnel-flow, deny=false
        hits=663, user_data=0x13000, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=, mask=, port=0, tag=0
        dst ip/id=, mask=, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any

As mentioned, there is no NAT and the ACL is very simple:

object-group network EASYVPN_NETWORK
 description VPN Network
 network-object object EASYVPNV6
 network-object object EASYVPN
object network EASYVPN

object-group service ICMPV4V6
 service-object icmp
 service-object icmp6
access-list outside_access_in extended permit object-group ICMPV4V6 any any
access-list outside_access_in extended permit ip object-group EASYVPN_NETWORK any

The ASA is running the following code:

Cisco Adaptive Security Appliance Software Version 9.1(2)

Any help is welcome.
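
For reading a trace like the one posted above, a small parser that picks out the phase whose Result is DROP and the fields of the rule listed under it. This is an added example, not part of the original post and not Cisco tooling; `parse_phases` and `dropped_phases` are hypothetical helper names, and the sample is the output exactly as posted.

```python
import re

# Packet-tracer output copied from the post above; the Type line and the
# src/dst addresses are absent there and stay absent here.
SAMPLE = """\
Phase: 6
Subtype: in
Result: DROP
Additional Information:
Forward Flow based lookup yields rule:
in  id=0xadb82170, priority=70, domain=svc-ib-tunnel-flow, deny=false
        hits=663, user_data=0x13000, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=, mask=, port=0, tag=0
        dst ip/id=, mask=, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any
"""

HEADER = re.compile(r"^(Phase|Type|Subtype|Result|Config):\s*(.*)$")
# Rule fields worth reporting; the lookbehind skips "ip/id=" and "cs_id=".
RULE_KV = re.compile(
    r"(?<![\w/])(id|priority|domain|deny|hits|input_ifc|output_ifc)=([^,\s]*)")


def parse_phases(text):
    """Split packet-tracer output into one dict per 'Phase:' block."""
    phases = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m and m.group(1) == "Phase":
            phases.append({"phase": int(m.group(2)), "rule": {}})
        elif not phases:
            continue  # text before the first phase block
        elif m:
            # setdefault: a later bare "Result:" summary line must not
            # overwrite the per-phase result already recorded.
            phases[-1].setdefault(m.group(1).lower(), m.group(2))
        else:
            phases[-1]["rule"].update(RULE_KV.findall(line))
    return phases


def dropped_phases(text):
    """Return the phase blocks whose Result is DROP."""
    return [p for p in parse_phases(text) if p.get("result", "").upper() == "DROP"]


if __name__ == "__main__":
    for p in dropped_phases(SAMPLE):
        print(p["phase"], p.get("type", "(Type line missing)"), p["rule"])
```

On the posted output this reports phase 6 with `domain=svc-ib-tunnel-flow`, `deny=false` and `input_ifc=outside`, so the rule shown under the dropping phase is not itself a deny entry.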
