Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn client problem


i have a little ipsec vpn client problem.

If i connect from my home network to the company network the monitoring shows a connection with "IKE IPsecOverNatT" and i`m able to connect to the servers and so on.

But if i connect from a notebook with a mobile internet connection the monitoring shows a connection with "IKE IPsec" and i`m not able to connect to any service inside the vpn. Is this a ASA problem or is this a mobile internet connection (provider) problem



Cisco Employee

Re: vpn client problem

Sounds like the provider problem if you can connect from your home network, that means it's not an ASA configuration issue as NAT-T has been enabled.

From your home network, it correctly encapsulates the ESP packet into NAT-T packet (normally UDP/4500).

From your mobile internet connection, it seems like they are not PATing the traffic hence the ASA does not detect a NAT device in between, hence using the ESP protocol, which seems to be blocked by the mobile internet provider if you can't access anything on the ASA inside network (this is assuming that your VPN stats are showing that traffic is getting encrypted) and on the ASA stats (show cry ipsec sa), there are no decrypt packets.

New Member

Re: vpn client problem

Thanks Jen. I`ll contact the provider.