01-13-2011 09:30 AM
User is able to connect, gets assigned an IP, we can see them connected
via ASDM, they can't access anything in our network.
01-13-2011 09:33 AM
Hi,
Check the following:
When attempting to send traffic, check the output of "sh cry ips sa" to make sure the packets encrypted/decrypted counters increment.
If not...
Could be that NAT-T is not configured.
Check the configuration for:
crypto isakmp nat-t
sh run all sysopt --> should show sysopt connection permit-vpn
Test:
Add the command
management-access inside
And try to PING the inside IP of the ASA from the VPN client.
Let's take it from here...
Federico.
01-13-2011 11:22 AM
Someone made a change which affected the users. Below are his remarks:
I added crypto map 10 for connectivity to site1 and the crypto map ACL that I added for that tunnel to match was too broad in scope and included all 192.168.0.0/16 networks. Will get more specific on the allowed traffic for that tunnel.
Thanks for your help Federico.
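
The root cause reported above was a site-to-site crypto map ACL broad enough to cover networks it was never meant to match. As an added example (not from the thread and not Cisco code), this Python script flags crypto map ACL entries that overlap a remote-access address pool. The config lines, object names, and the assumption that the client pool sits inside 192.168.0.0/16 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config: names and addresses are hypothetical, not from the thread.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 192.168.50.10-192.168.50.50 mask 255.255.255.0
access-list SITE1_CRYPTO extended permit ip 10.1.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list SITE2_CRYPTO extended permit ip 10.1.0.0 255.255.0.0 172.16.20.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address SITE1_CRYPTO
crypto map OUTSIDE_MAP 20 match address SITE2_CRYPTO
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)")
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)")

def find_overlaps(config):
    """Return (map, seq, acl, pool) for each crypto ACL entry overlapping a pool."""
    pools, acls, maps = {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := POOL_RE.match(line):
            first, last = (ipaddress.ip_address(a) for a in m.group(2, 3))
            # A pool range is rarely a clean CIDR block, so split it into blocks.
            pools[m.group(1)] = list(ipaddress.summarize_address_range(first, last))
        elif m := ACL_RE.match(line):
            # Only "network mask" pairs are handled; any/host/object forms are skipped.
            try:
                src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
                dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            except ValueError:
                continue
            acls.setdefault(m.group(1), []).append((src, dst))
        elif m := MAP_RE.match(line):
            maps.append((m.group(1), int(m.group(2)), m.group(3)))
    findings = []
    for map_name, seq, acl_name in maps:
        for src, dst in acls.get(acl_name, []):
            for pool_name, blocks in pools.items():
                if any(b.overlaps(src) or b.overlaps(dst) for b in blocks):
                    findings.append((map_name, seq, acl_name, pool_name))
    return findings

if __name__ == "__main__":
    for finding in find_overlaps(SAMPLE_CONFIG):
        print("crypto map %s %d: ACL %s overlaps pool %s" % finding)
```

Running the same check after narrowing the ACL to the specific remote subnet should return no findings.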