Cisco VPN client connects, but cannot ping the server

leonnikolaou
Level 1

Hi,

At my office I have a Cisco ASA 5505 firewall. I'm trying to connect to another location by using a Cisco VPN client.

I'm connected successfully to the other location with my VPN client, but then I cannot ping or remote desktop to my remote server.

When I try to connect with my wireless connection from the office, everything works fine: I can connect and can RDP to my server.

I think there is something on my Cisco ASA firewall that is probably blocking me from accessing my remote server, since by wireless everything is OK.

Below you can see print screens from my ASA that show the ports that I have opened.

I would appreciate any suggestions.

Thank you!

Regards

Leon

1.bmp

2.bmp


Hi,

If your VPN client connection is going through the ASA (and the ASA is doing PAT for your connection) you might need to make sure that NAT-T is enabled on both the server and client.

On the client, NAT-T should be enabled by default under the Transport tab.

On the VPN endpoint (server) you need to check for NAT-T.

You can try enabling IPsec/TCP on both ends as well.

Federico.

Hi Federico,

Thanks for your reply. When using the wireless, the connection is OK.

When going out through the ASA, then the problem occurs.

On the client, NAT-T is enabled.

You mean to check on my remote ASA firewall, on which the VPN is configured, whether NAT-T is enabled? If yes, how can I check that?

Also, how can I enable IPsec/TCP on both ends?

Thank you for your time

Regards

Leon

On the ASA it should be enabled by default but you can check it out doing:

sh run all cry isa

You should see:

crypto isakmp nat-traversal 20

To test IPsec/TCP you need to choose that option on the client (where NAT-T is chosen) and on the server: cry isakmp ipsec-over-tcp port 10000

Hope it helps.

Federico.

Federico you rock!!

Thank you so much!! For some reason the crypto isakmp nat-traversal 20 was not enabled on either ASA, so as soon as I entered that command it worked!

Thank you!!

Regards

Leon
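
Added example, not part of the original thread and not Cisco code: a Python model of the RFC 3947 NAT-D comparison that NAT-T relies on, showing how a PAT device in the path is detected and which encapsulation the data traffic gets when NAT-T is on or off. The addresses, cookies and function names are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample values: documentation address ranges, made-up IKE cookies.
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
CLIENT = ("192.168.1.50", 500)     # VPN client on the office LAN (assumed)
PAT_OUT = ("203.0.113.10", 1027)   # same packet after the office ASA's PAT (assumed)
HEADEND = ("198.51.100.1", 500)    # remote VPN endpoint (assumed)

def nat_d(ip, port, algo="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = CKY_I + CKY_R + ipaddress.ip_address(ip).packed + port.to_bytes(2, "big")
    return hashlib.new(algo, data).digest()

def sender_payloads(src, dst):
    """A peer sends the hash of the remote end first, then of its own end."""
    return [nat_d(*dst), nat_d(*src)]

def receiver_check(payloads, seen_src, seen_dst):
    """Compare received hashes with the addresses actually on the packet."""
    return {
        "nat_before_receiver": payloads[0] != nat_d(*seen_dst),
        "nat_before_sender": nat_d(*seen_src) not in payloads[1:],
    }

def simulate(nat_t_both_ends, through_pat):
    """Return (nat_detected, encapsulation used for the IPsec data traffic)."""
    if not nat_t_both_ends:
        # Without NAT-T on both peers no NAT-D payloads are exchanged, so the
        # data path stays plain ESP, which has no ports for PAT to translate.
        return False, "ESP (IP protocol 50)"
    seen_src = PAT_OUT if through_pat else CLIENT
    result = receiver_check(sender_payloads(CLIENT, HEADEND), seen_src, HEADEND)
    nat = result["nat_before_sender"] or result["nat_before_receiver"]
    return nat, "ESP in UDP/4500" if nat else "ESP (IP protocol 50)"

if __name__ == "__main__":
    for nat_t in (True, False):
        for pat in (True, False):
            print(f"NAT-T={nat_t!s:5} PAT={pat!s:5} ->", simulate(nat_t, pat))
```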
