cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
634
Views
0
Helpful
9
Replies

Cant connect inside with VPN client to ASA 5505

lumilux69
Beginner
Beginner

Hello,

I can establish a vpn connection to ASA 5505 but can not reach the inside network at 3 from 4 remote sites. Only on one site the connection ist working properly. On the other 3 sites I am able to connect to other VPN gateways e.g PIX 501

Thanks for help

Michael

1 Accepted Solution

Accepted Solutions

husycisco
Rising star
Rising star

Michael I found what is missing after re-checking your config. Add the following

isakmp nat-traversal 20

Regards

View solution in original post

9 Replies 9

husycisco
Rising star
Rising star

Hi Michael

Please post your config, is this site-to-site or Remote access vpn?

it is remote VPN. here the config is atached.

thank you

husycisco
Rising star
Rising star

Config looks OK. The working connection in one site is also a clue for this. Other 3 must be a clientside issue. Either groupname, preshared key or peer ip is wrong. I suggest you to copy the pcf file in site in which connection works then import this pcf file in a site in which connection does not work. You can search for *.pcf in C:\ drive, you will see the pcf of this RemoteAccess VPN

Thank you for responds, I am using the same Clinet !!! (Notebook) at one site it works at the 3 other not. The remote VPN connection is established and I received a valid ip "10.151.53.100" from VPN-IP-pool. I even can see the connection in session monitor in ASDM but no acces to inside LAN

Any other ideas?

husycisco
Rising star
Rising star

Aha!

Most probably, the router/modem does not support transparent tunneling or it is not enabled. In VPN client screen, click on the connection, then click modify. In Transport tab, uncheck "Transparent Tunneling"

I tried but it doesn't work. I wrote you I am able to connect to different sites (PIX501) with transparent tunneling checked...

I have only problems connecting to the ASA 5505 with same vpn client

really strange

husycisco
Rising star
Rising star

Michael I found what is missing after re-checking your config. Add the following

isakmp nat-traversal 20

Regards

thats it, thanks al lot for your great support.

Best regards

Michael

husycisco
Rising star
Rising star

You are welcome Michael, nice to see that your problem is resolved :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers