Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Tunel UP, no transmission

Topology

Branch Office:

Pix501 - ass hardware client

Lan 192.168.10.0 255.255.255.0

HQ

ASA5510 - VPN Server

Lan 192.168.0.0 255.255.252.0

Remote Users

VPN CLient 5

Address Pool 192.168.95.0 255.255.255.0

Hello, i have problem with VPN tunnel for Remote Users

I configure VPN1 and VPN2 tunnel using asdm ipsec wizzard

First tunnel for Branch called VPN1 (tunel i sup, communication bidirectional is ok, ping, smb,rdp all working).

Second tunnel VPN2 for remote users.

When user connecting to HQ using VPN Client 5, tunnel is on but client can't ping, smb, rdp local network in HQ.

But when i ping or rdp from local computer to remote user i can.

i attach asa config please help

3 REPLIES
Bronze

Re: VPN Tunel UP, no transmission

Hi,

If i understood it correct , then VPN clients connect fine on ASA. but they are neither able to ping nor able to do RDP/access internal resources.

I have reviewed the configuration,

RTP- Routing , Translation and Permissions seems to be OK.

Can you please make sure nat-t is turned ON ?

If you do not see it in " sh run all | in nat-t " , then please configure

crypto isakmp nat-traversal 20

and let me know if this helps.

If above does not help , then as a next step troubleshooting:-

Assuming that inside interface is a part of interesting traffic for VPN client.

-Turn on management-access inside

-Apply captures on inside interface of ASA.

-Run a continous ping from client to ASA's inside interface.

-Check the output for "show crypto ipsec sa", let me know if you see decrypts there.

-Also, reply with capture output taken on inside interface.

-output for show vpn-sessiondb remote.

You can refer the following document link to apply captures,

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml

Regards

Moh

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
New Member

Re: VPN Tunel UP, no transmission

THX for your help, ASA configuration is OK, fortigate drop all packets

Bronze

Re: VPN Tunel UP, no transmission

OK.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
192
Views
0
Helpful
3
Replies
CreatePlease to create content