
iPhone IPsec VPN to ASA5520 not communicating to local devices

walterp
Level 1

Hi

I have an existing ASA5520 which is already working with remote clients using Cisco VPN client configured using IPsec over TCP. I am now trying to get VPN access for iPhones working and am having a problem where, once connected, the iPhone cannot ping any internal device. The configuration on the iPhone does not allow for IPsec over TCP and therefore uses UDP 500 by default. If I create a new profile from a PC and do not use IPsec over TCP, it has the same issue, where it establishes a VPN tunnel but cannot ping any internal device; as soon as I change the profile to IPsec over TCP, it works fine.

Any assistance appreciated.

2 Replies

Perhaps you have disabled NAT-traversal? Here is what it looks like by default:

asa# sh run all | i crypto isakmp nat-traversal

crypto isakmp nat-traversal 20

If your clients or your ASA is behind a NAT/PAT-instance, it has to be enabled.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thank you for your response, I managed to get it working by enabling IPSec-ESP on the internet facing router.