08-17-2012 01:55 AM - edited 02-21-2020 06:16 PM
Hi
I have an existing ASA5520 which is already working with remote clients using the Cisco VPN client configured with IPsec over TCP. I am now trying to get VPN access for iPhones working and am having a problem where, once connected, the iPhone cannot ping any internal device. The configuration on the iPhone does not allow IPsec over TCP and therefore uses UDP 500 by default. If I create a new profile from a PC and do not use IPsec over TCP it has the same issue: it establishes a VPN tunnel but cannot ping any internal device; as soon as I change the profile to IPsec over TCP it works fine.
Any assistance appreciated.
08-17-2012 04:14 AM
Perhaps you have disabled NAT-traversal? Here is what it looks like by default:
asa# sh run all | i crypto isakmp nat-traversal
crypto isakmp nat-traversal 20
If your clients or your ASA are behind a NAT/PAT instance, it has to be enabled.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-17-2012 04:33 AM
Thank you for your response, I managed to get it working by enabling IPSec-ESP on the internet facing router.
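The two replies above point at the same diagnostic question: once the tunnel is up, is the client's data traffic raw ESP (IP protocol 50, which every hop including the Internet-facing router must permit) or NAT-T ESP encapsulated in UDP/4500, which only needs UDP to pass? The Python below is an added example, not code from this thread or from Cisco, that classifies packets captured on the outside interface using the NAT-T framing rules of RFC 3948 (four zero bytes as the non-ESP marker for IKE, a single 0xFF byte for keepalives); the sample captures are constructed.

```python
import struct

IP_PROTO_UDP = 17
IP_PROTO_ESP = 50
ISAKMP_PORT = 500
NAT_T_PORT = 4500


def classify(ip_proto, udp_dst_port, payload):
    """Classify one packet as (kind, spi).

    ip_proto: IP protocol number; udp_dst_port: UDP destination port or None;
    payload: UDP payload bytes, or the ESP header bytes for protocol 50.
    """
    if ip_proto == IP_PROTO_ESP:
        if len(payload) < 4:
            return ("other", None)
        return ("raw-esp", struct.unpack("!I", payload[:4])[0])
    if ip_proto != IP_PROTO_UDP:
        return ("other", None)
    if udp_dst_port == ISAKMP_PORT:
        return ("ike-udp500", None)          # IKE without NAT-T, or before NAT is detected
    if udp_dst_port == NAT_T_PORT:
        if payload == b"\xff":
            return ("nat-keepalive", None)   # RFC 3948 NAT-keepalive
        if len(payload) < 4:
            return ("other", None)
        if payload[:4] == b"\x00\x00\x00\x00":
            return ("ike-udp4500", None)     # non-ESP marker, IKE floated to 4500
        # SPI 0 is reserved in ESP, so anything else is UDP-encapsulated ESP
        return ("udp-encap-esp", struct.unpack("!I", payload[:4])[0])
    return ("other", None)


def diagnose(packets):
    """Summarise which data path a capture of one client's traffic relies on."""
    counts = {}
    for pkt in packets:
        kind, _ = classify(*pkt)
        counts[kind] = counts.get(kind, 0) + 1
    if counts.get("udp-encap-esp"):
        return "nat-t: data path is UDP/4500, only UDP needs to pass"
    if counts.get("raw-esp"):
        return "raw-esp: data path needs IP protocol 50 permitted on every hop"
    return "no esp seen: tunnel negotiated but not carrying data"


# Constructed sample captures: (ip_proto, udp_dst_port, payload)
UDP500_ONLY_CAPTURE = [
    (17, 500, b"\x00" * 28),                         # IKE on UDP/500
    (50, None, b"\x00\x00\x12\x34" + b"\x00" * 4),   # raw ESP, SPI 0x1234
]
NAT_T_CAPTURE = [
    (17, 4500, b"\x00\x00\x00\x00" + b"\x00" * 28),  # IKE with non-ESP marker
    (17, 4500, b"\xff"),                             # NAT keepalive
    (17, 4500, b"\x00\x00\xab\xcd" + b"\x00" * 4),   # UDP-encapsulated ESP, SPI 0xabcd
]
```

A capture that looks like UDP500_ONLY_CAPTURE matches the symptom in this thread: IKE completes but the ESP data packets are dropped somewhere in front of the ASA.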