New Member

RA IPsec VPN configured but no traffic is sent or received (all traffic discarded as I see on VPN client software)

The firewall is a 5540 with OS 7.1.

VPN(config)# sh run
: Saved
ASA Version 7.1(2) 
hostname VPN
domain-name default.domain.invalid
enable password 9jNfZuG3TC5tCVH0 encrypted
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
interface Management0/0
 no nameif
 no security-level
 ip address 
interface GigabitEthernet1/0
 no nameif
 no security-level
 no ip address
interface GigabitEthernet1/1
 no nameif
 no security-level
 no ip address
interface GigabitEthernet1/2
 no nameif
 no security-level
 no ip address
interface GigabitEthernet1/3
 no nameif
 no security-level
 no ip address
passwd 9jNfZuG3TC5tCVH0 encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list rbt_splitTunnelAcl extended permit ip any 
access-list inside_outbound_nat0_acl extended permit ip 
access-list outside_cryptomap_dyn_20 extended permit ip any 
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool rpool
no failover
icmp permit any outside
icmp permit any unreachable outside
icmp permit any echo outside
icmp permit any inside
icmp permit any unreachable inside
asdm image disk0:/asdm512-k8.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1
route outside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy sar-group internal
group-policy sar-group attributes
 dns-server value
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rbt_splitTunnelAcl
 default-domain value
 split-dns value 
username ggassim password p.8ZTPsRV8MuW4NM encrypted
http outside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption des
isakmp policy 50 hash md5
isakmp policy 50 group 5
isakmp policy 50 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal  20
tunnel-group sar-group type ipsec-ra
tunnel-group sar-group general-attributes
 address-pool rpool
 default-group-policy sar-group
tunnel-group sar-group ipsec-attributes
 pre-shared-key *
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny 
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
service-policy global_policy global
: end


New Member

Hello there,

I discovered that it's a Windows problem, because when I issued "ipconfig /release" the VPN client works well.

Is there any fix for the problem? Many users are not computer engineers and they need to use the VPN client.

I took the following logs from the VPN client:

1      11:53:48.318  04/18/14  Sev=Warning/2 IKE/0xE300008D
Split-DNS requires Split Tunneling and a primary DNS server
2      11:53:52.614  04/18/14  Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
3      11:53:52.614  04/18/14  Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: c0a8c003, Gateway: c0a8c001.
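
Added example, not part of the original posts: a small parser for the VPN client log entries quoted above that decodes the hex-encoded route fields into dotted-quad addresses. It assumes the hex values are IPv4 addresses in network byte order; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the three log entries quoted in the post above.
SAMPLE_LOG = """\
1      11:53:48.318  04/18/14  Sev=Warning/2 IKE/0xE300008D
Split-DNS requires Split Tunneling and a primary DNS server
2      11:53:52.614  04/18/14  Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
3      11:53:52.614  04/18/14  Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: c0a8c003, Gateway: c0a8c001.
"""

# Header line: sequence, time, date, severity/level, component/message code.
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<date>\d{2}/\d{2}/\d{2})\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d)\s+(?P<component>\w+)/(?P<code>0x[0-9A-Fa-f]{8})\s*$"
)
HEX_FIELD = re.compile(r"(?P<name>Network|Netmask|Interface|Gateway): (?P<hex>[0-9a-fA-F]{8})\b")


def hex_to_ipv4(value):
    """Decode 8 hex digits as an IPv4 address (assumed network byte order)."""
    return str(ipaddress.IPv4Address(int(value, 16)))


def parse_log(text):
    """Group each header line with the message line(s) that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entry = m.groupdict()
            entry.update(message="", addresses={})
            entries.append(entry)
        elif entries and line.strip():
            entry = entries[-1]
            entry["message"] = (entry["message"] + " " + line.strip()).strip()
            for f in HEX_FIELD.finditer(line):
                entry["addresses"][f["name"]] = hex_to_ipv4(f["hex"])
    return entries


def failed_routes(entries):
    """Return the decoded address fields of every 'Unable to add route' entry."""
    return [e["addresses"] for e in entries
            if e["addresses"] and "Unable to add route" in e["message"]]


if __name__ == "__main__":
    for route in failed_routes(parse_log(SAMPLE_LOG)):
        print(route)
```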