
New Member

Remote Access VPN - Unable to access Internal resources

Hi Experts,

I have a situation with a client site where they would like to implement remote access VPN. The issue is that I am able to authenticate but cannot get access to internal resources. I am using VPN client 5.0.

See attached ASA configuration.

Thanks in advance,

5 REPLIES

Re: Remote Access VPN - Unable to access Internal resources

Looking at your RA config briefly, it looks fine; you may need to enable NAT transparency.

Add this to your config:

(config)#crypto isakmp nat-traversal


Reference this link for the future:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution01

Regards

New Member

Re: Remote Access VPN - Unable to access Internal resources

Hi,

I agree with Jorge,

the config seems to be fine.

Just enable (config)#crypto isakmp nat-t

and check connectivity

Also check whether (config)#sysopt connection permit-vpn is there in the config.

Regards,

Pradhuman

New Member

Re: Remote Access VPN - Unable to access Internal resources

Hi,

Thanks for your prompt response. I have included both commands advised in all replies but no success. I noted that when I check the 'ipsec sa' statistics on the ASA, the packets are getting decrypted BUT not encrypted. I am wondering if this is a good clue?

Many thanks again.

Re: Remote Access VPN - Unable to access Internal resources

Could you post the output of what you have seen on the ipsec sa?

While the VPN client is connected, post the output of

show crypto ipsec sa

Also provide the output of show vpn-sessiondb remote

Please also load your ASA ASDM real-time log and observe the log while the RA client pings hosts on the inside.

Make sure that the system the RA client is trying to access on the inside network 192.168.1.0 does not have a firewall turned on, such as Windows Firewall etc.

Rgds

New Member

Re: Remote Access VPN - Unable to access Internal resources

Hi,

It seems that the packets are not getting encrypted from the ASA itself, as you are only seeing decrypt counts but no encrypt count!

The issue is likely to be with routing or NAT-ing on the ASA.

Just do a packet tracer from any internal IP to the VPN pool IP and check where the packet is getting dropped.

packet-tracer input inside icmp 192.168.1.x 8 0 192.168.2.x det

Paste the output of this command, or you can also do it from the GUI.

Thanks,

Pradhuman
