Easy VPN client connected, but there is one-way traffic

Hi all,

Before anything else, thanks for the help. Here is the issue: the client can establish a tunnel with the PIX acting as the VPN server. However, the client can't access any resources in the inside network (exempted by NAT and ACL). I have double-checked (enabled) all the items below so far; is there something else I should try that isn't in the list below?

NAT exemption is in place on the outbound interface
ACL on the outbound interface permits the traffic exempted by NAT
Inbound interface is still in default state (any ---> any less secure networks permitted, and any ---> any denied)
RRI is enabled
Same-security traffic permitted (intra-interface)

Should I add a route on the FW to point to the pool for the remote VPN users?
No split tunnel enabled.
VPN client shows statistics: sent/encrypted packets, but NO received/decrypted packets (seems the GW doesn't send traffic back to the client)
NAT-T is enabled in the policy on the PIX, but not in the VPN client software

When I ping an inside host from the Easy VPN client, I get request timeout, but the FW log shows the packet gets through just fine...

A packet capture on the egress interface of the FW sees traffic from the remote VPN client going to the inside host... but the host keeps getting request timeout.

Thanks again,

1 Reply

Jennifer Halim
Cisco Employee

If the packet is getting out of the FW inside interface, then it sounds like a host issue.

A few things to check on the host:

1) Does the host have 1 or 2 NICs? If 2 NICs, make sure that the traffic goes in and out of the same NIC. Check that the default gateway is configured correctly on the host.

2) Does the host have a firewall of its own that might be blocking inbound access from a different subnet?
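The reply's reasoning is a localization argument: take a capture on the FW inside interface and a capture on the host, and whichever hop last saw the echo request (and whichever hop first fails to see the echo reply) tells you where the one-way traffic starts. The script below is an added example, not part of the thread and not Cisco code; it parses capture lines in a format modelled on PIX/ASA `show capture` output and applies exactly that decision tree. The addresses (VPN pool 192.168.10.0/24, inside network 10.1.1.0/24), the capture text and the verdict names are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed capture lines modelled on PIX/ASA `show capture` output.
# Scenario from the post: the FW inside interface forwards the echo requests,
# the host receives them, but no echo reply ever appears anywhere.
FW_INSIDE_SAMPLE = """\
1: 10:01:02.133100 192.168.10.5 > 10.1.1.20: icmp: echo request
2: 10:01:03.134200 192.168.10.5 > 10.1.1.20: icmp: echo request
3: 10:01:03.200000 10.1.1.20.445 > 10.1.1.30.51000: S 1:1(0) win 8192
"""
HOST_SAMPLE = """\
1: 10:01:02.133900 192.168.10.5 > 10.1.1.20: icmp: echo request
2: 10:01:03.134900 192.168.10.5 > 10.1.1.20: icmp: echo request
"""
# Variant: the host does answer, but the reply never shows up on the FW inside
# interface (typical of a second NIC or a wrong default gateway on the host).
HOST_REPLYING_SAMPLE = HOST_SAMPLE + """\
3: 10:01:02.134100 10.1.1.20 > 192.168.10.5: icmp: echo reply
4: 10:01:03.135100 10.1.1.20 > 192.168.10.5: icmp: echo reply
"""
POOL = "192.168.10.0/24"    # assumed Easy VPN address pool
INSIDE = "10.1.1.0/24"      # assumed inside network

# "<n>: <time> <src>[.port] > <dst>[.port]: <protocol detail>"
LINE_RE = re.compile(
    r"^\s*\d+:\s+\S+\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:\s+(?P<rest>.*)$"
)


def parse_capture(text):
    """Return (src, dst, kind) per line; kind is 'request', 'reply' or 'other'."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip headers or lines in another format
        rest = m.group("rest")
        if "echo request" in rest:
            kind = "request"
        elif "echo reply" in rest:
            kind = "reply"
        else:
            kind = "other"
        pkts.append((m.group("src"), m.group("dst"), kind))
    return pkts


def count_flow(pkts, pool, inside):
    """Count echo requests pool->inside and echo replies inside->pool."""
    pool_net = ipaddress.ip_network(pool)
    inside_net = ipaddress.ip_network(inside)
    counts = Counter()
    for src, dst, kind in pkts:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if kind == "request" and s in pool_net and d in inside_net:
            counts["request"] += 1
        elif kind == "reply" and s in inside_net and d in pool_net:
            counts["reply"] += 1
    return counts


def localize(fw_inside_text, host_text, pool, inside):
    """Decide which hop the one-way traffic starts at, from two captures."""
    fw = count_flow(parse_capture(fw_inside_text), pool, inside)
    host = count_flow(parse_capture(host_text), pool, inside)
    if fw["request"] == 0:
        verdict = "no-request-at-fw"           # check crypto ACL, NAT exemption, interface ACL
    elif host["request"] == 0:
        verdict = "dropped-between-fw-and-host"  # L2 path, VLAN, ARP
    elif host["reply"] == 0:
        verdict = "host-not-replying"          # host firewall, or no route back to the pool
    elif fw["reply"] == 0:
        verdict = "reply-left-via-other-path"  # second NIC or wrong default gateway
    else:
        verdict = "reply-reached-fw"           # back to the FW: RRI, NAT, encaps/decaps counters
    return {
        "fw": {"request": fw["request"], "reply": fw["reply"]},
        "host": {"request": host["request"], "reply": host["reply"]},
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(localize(FW_INSIDE_SAMPLE, HOST_SAMPLE, POOL, INSIDE))
    print(localize(FW_INSIDE_SAMPLE, HOST_REPLYING_SAMPLE, POOL, INSIDE))
```

With the post's symptoms (requests seen at the FW and at the host, no reply anywhere) the verdict is `host-not-replying`, which is the reply's second check; a host that answers out of a different NIC produces `reply-left-via-other-path`, the reply's first check. Only when the reply is seen coming back into the FW inside interface does the problem return to the PIX side (NAT exemption, RRI, the encaps/decaps counters in `show crypto ipsec sa`).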