Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1530
Views
0
Helpful
7
Replies

Can connect to IPSec VPN but can't see internal network

Go to solution
bill_baxter
Level 1
Level 1

‎06-09-2008 03:38 PM - edited ‎02-21-2020 03:46 PM

I have several users that can connect to our VPN ussing IPSec on a 5505. I have one user that can connect, but cannot see the internal network. This user is using DSL with a speedstream 4100. However, I have another user with the same setup that can connect and see the internal network. The logs in ASDM show the connection, but don't seem to show any errors when trying to access internal. Any help will be greatly appreciated. Thanks, Bill.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
acomiskey
Level 10
Level 10
In response to bill_baxter

‎06-10-2008 08:41 AM

Add..

crypto isakmp nat-traversal

View solution in original post

0 Helpful

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni
In response to bill_baxter

‎06-10-2008 11:52 AM

No it does not. It just negotiates to see if there is any NAT in the transit path (by using HASH values), if the hashes are not equal it encapsulates the IPSEC traffic inside UDP 4500. The VPN is still as secure as it is before.

Regards

Farrukh

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-09-2008 05:59 PM

Are you using split tunneling/local lan access?

Are both Clients seeing the same routes in their VPN Client >> Routes window?

Have you tried to compare the 'route print' output of both machines after the VPN has been established?

Are both machines using Same OS/PATCH level?

Regards

Farrukh

0 Helpful

Go to solution
bill_baxter
Level 1
Level 1
In response to Farrukh Haroon

‎06-09-2008 06:19 PM

using split tunneling. can't get local lan access to work on client side even if checked on the transport tab.

it only shows 0.0.0.0 0.0.0.0 for network/subnet under secured routes.

i will check the route print stats.

same os and patch levels.

Thanks,

bill

0 Helpful

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni
In response to bill_baxter

‎06-09-2008 06:38 PM

Please have a look at the following two links, please note you can use only ONE of them at a time:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

Your output should match the VPN CLient >> Statistics >> Route details mentioned on these links, based on what you want to configure (Local LAN OR Split-tunneling)

Regards

Farrukh

0 Helpful

Go to solution
bill_baxter
Level 1
Level 1
In response to Farrukh Haroon

‎06-10-2008 08:08 AM

now i have setup antoher user, and the same thing happens. connection established, but no access to internal net. i have three users who can access internal net and two that cannot. can you please take a look at my config and see if there is anything wrong? Thanks, Bill

Preview file
5 KB
0 Helpful

Go to solution
acomiskey
Level 10
Level 10
In response to bill_baxter

‎06-10-2008 08:41 AM

Add..

crypto isakmp nat-traversal

0 Helpful

Go to solution
bill_baxter
Level 1
Level 1
In response to acomiskey

‎06-10-2008 09:19 AM

crypto isakmp nat-traversal worked for one user, and i am going to try the other.

but does this pose any security risks?

0 Helpful

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni
In response to bill_baxter

‎06-10-2008 11:52 AM

No it does not. It just negotiates to see if there is any NAT in the transit path (by using HASH values), if the hashes are not equal it encapsulates the IPSEC traffic inside UDP 4500. The VPN is still as secure as it is before.

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents