Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn client + ISP services not allowing pass through ?

Hi all, I have a question regarding roadrunner ISP and vpn.

I currently have one remote user that is using road runner service as their ISP. When they access the VPN they establish connection to the asa 5510, but cannot access anything internally. When the remote user tries to access anything (internal site) from their browser they receive random search engine responses as if they were not even connected to the VPN.

The rest of our remote users (about 15) don't have this problem at all. The only common thing is this remote user in particular uses roadrunner services and I've heard issues where their services may not allow pass through?

I guess my question is, is this possible? Should I contact her ISP to see if this is such? I know how ISP like to pass the buck on things like this and point the finger back to my end...just want to make sure my end is ok. Is there anything I need to do on my end with my ASA?

Again...this one user is one else has this issue.



Re: vpn client + ISP services not allowing pass through ?

I am using Road Runner right now.  I don't think they block VPN traffic.  Is the ASA configured for NAT traversal?   Is it possible that this person's LAN address overlaps with LAN on the inside of your ASA?

New Member

Re: vpn client + ISP services not allowing pass through ?

First thanks for the reply slmansfield.

Yes , the asa is configured for NAT traversal. Addresses do not overlap either.


Re: vpn client + ISP services not allowing pass through ?

Is it possible that there is s device on the client side or on your central site side that could filter IPSEC traffic?

I have had other problems with my Road Runner connection.  Did you verify that there are no connectivity issues at this site?  If you are randomly getting to some sites but not others, perhaps it is due to a bad connection.

New Member

Re: vpn client + ISP services not allowing pass through ?

thanks again for the reply.

yes all internal sites are up and functional to all the remote users (we basically are a company that over 80% of the employees are remote lol) again..they are up or I'd be getting slammed (plus I checked them all from an outside remote system I have online off site).

Most of our users use comcast, bellsouth, verizon..etc. This is the only user with roadrunner, and I've heard of issues with them and vpn before...just never had my own issues until now.

Also I have nothing on my end (IDS or anything) to filter the user out. No acl's or anything. The users should have a clear path to our LAN upon connectivity.

The user does indeed have connection to their internet (we are able to establish a remote session to access the system we provided them over the internet with or without VPN)

That leaves the users internal set up and carrier services. User is going wireless through linksys, so my tech is clerifying that vpn pass through is checked on the wireless router...other than that. lol


Re: vpn client + ISP services not allowing pass through ?

I just meant that this specific site could have a connectivity problem.  VPN is more sensitive to connectivity issues than regular web access, and the symptom of intermittent issues with web access made me wonder if you have a connectivity issue at that remote site.

Also, wireless access would make a connectivity problem seem worse because signal strength can be a factor within the range of wireless access.

If the person could try wired acces for awhile to see if the problem continues to occur that would rule out the wireless setup.

You might also check the routing table of the PC before and after connecting to your central site, just to rule out routing confusion as the cause of this problem.


New Member

Re: vpn client + ISP services not allowing pass through ?

Once again Slmansfield thanks for the feedback. Everything helps, so keep it coming. I won't rule out trying anything as a possibility in the IT world. lol

We've informed the remote user to contact us (they are a few time zone behind us here) when they are available to do some troubleshooting at their location and also get Time Warner RR on the phone as well. 

I will keep you posted on what we find out. thanks again!