HI, i am trying to create a remote access vpn on our 5520 but i am currently unable to pass traffic. The vpn client authenticates correctly but I am seeing no traffic decap
sh ipsec sa user *username*
username: jdyson
Crypto map tag: def_cryp_map, seq num: 65535, local addr: x.x.x.x
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.16.149.1/255.255.255.255/0/0)
current_peer: y.y.y.y, username: *username*
dynamic allocated peer ip: 172.16.149.1
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
windows routing table on the client looks like this
route: 10.0.0.0 mask: 255.0.0.0 gw: 172.16.149.2 int: 172.16.149.1
ipconfig results
IPv4 Address. . . . . . . . . . . : 172.16.149.1
Subnet Mask . . . . . . . . . . . : 255.255.255.224
default gateway:....................:
relevant config:
ip local pool SSS-pool 172.16.149.1-172.16.149.31 mask 255.255.255.224
crypto map outside_map 65535 ipsec-isakmp dynamic def_cryp_map
crypto map outside_map interface outside
tunnel-group SSSVPN type remote-access
tunnel-group SSSVPN general-attributes
address-pool SSS-pool
authentication-server-group Radius
default-group-policy SSSGrpPolicy
password-management password-expire-in-days 5
tunnel-group SSSVPN ipsec-attributes
pre-shared-key *****
group-policy SSSGrpPolicy internal
group-policy SSSGrpPolicy attributes
dns-server value 172.16.140.100 172.16.140.101
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SSSVPNTunnelList
access-list SSSVPNTunnelList extended permit ip object-group rfc1918_addresses 172.16.149.0 255.255.255.224
any help appreciated
