tunnel up but no traffic

elite2010
Level 3

Hi,

I have the following setup. The tunnel (remotesec) is up but the host cannot access


group-policy VPN_GPO internal
group-policy VPN_GPO attributes
 dns-server value 192.168.10.10
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_splitTunnelAcl
 default-domain value test.com
 address-pools value VPN_POOL

ip local pool VPN_POOL 172.16.128.65-172.16.128.78 mask 255.255.255.240
access-list VPN_splitTunnelAcl standard permit host 192.168.15.10
object network VPN_POOL
 subnet 172.16.128.64 255.255.255.240
object network SERVER
 host 192.168.15.10
nat (Inside,Outside) source static SERVER SERVER destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

Client Statistics

-----------------------

Tunnel Details
Bytes
Received: 0
Sent: 420
Packets
Encrypted: 7
Decrypted: 0
Discarded: 124
Bypassed: 1664

Please help

Thanks 

2 Replies

Marvin Rhoads
Hall of Fame

Does the remote server know to route traffic back to the ASA for your VPN_POOL client addresses?

That's the most common problem when we see an established tunnel with encaps (from the client perspective) but no decaps (i.e. 0 packets decrypted).

Hi,

Does the remote server know to route traffic back to the ASA for your VPN_POOL client addresses?

Yes, there is routing back to the ASA for the VPN pool client addresses.

sw1# sh ip route 172.16.128.64
0.0.0.0/0, ubest/mbest: 1/0
*via 172.16.5.5,1d,static

where 172.16.5.5 is the ASA inside interface IP.

Thanks
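
The return-path check raised in the first reply, as an added example that is not part of the original thread: a longest-prefix-match lookup for every VPN_POOL address against a device's route table, reporting any address whose best route does not point at the ASA inside interface. The sw1 table mirrors the output posted above; the second table and its 172.16.5.1 next hop are constructed to show how a more specific route can override a default route that points at the ASA.

```python
import ipaddress

def pool_addresses(first, last):
    """Expand an 'ip local pool' first-last range into individual addresses."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)]

def best_route(routes, addr):
    """Longest-prefix match: return (network, next_hop), or None if no route."""
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def misrouted(routes, first, last, asa_inside):
    """Map each pool address whose best route does NOT point at the ASA
    inside IP to the route that wins instead (None if nothing matches)."""
    bad = {}
    for addr in pool_addresses(first, last):
        hit = best_route(routes, addr)
        if hit is None or hit[1] != asa_inside:
            bad[str(addr)] = None if hit is None else f"{hit[0]} via {hit[1]}"
    return bad

# Values taken from the thread: the pool range and the ASA inside interface.
POOL = ("172.16.128.65", "172.16.128.78")
ASA_INSIDE = "172.16.5.5"

# Route table as posted for sw1: only the default route covers the pool.
SW1_ROUTES = [("0.0.0.0/0", "172.16.5.5")]

# Constructed failure case (hypothetical next hop 172.16.5.1): a summary
# route is more specific than the default, so replies never reach the ASA.
CONSTRUCTED_ROUTES = [("0.0.0.0/0", "172.16.5.5"),
                      ("172.16.128.0/17", "172.16.5.1")]

if __name__ == "__main__":
    print("sw1:", misrouted(SW1_ROUTES, *POOL, ASA_INSIDE))
    print("constructed:", misrouted(CONSTRUCTED_ROUTES, *POOL, ASA_INSIDE))
```

The same lookup has to hold on every hop between the server and the ASA, including the server's own routing table, for decrypted counts on the client to rise.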