Re: VPN Client 4.6 Connects but no bytes received

patrick.lopez · ‎02-11-2005

The tunnel is established and I am seeing traffic being transmited and encrypted but nothing received.

Anyone know if this a routing issue or a config issue on the PIX running 3.3.

Thanks

Pat

sstudsdahl · ‎02-11-2005

Pat,

I'm guessing you are running 6.3.3. :)

If so, make sure you have the command "isakmp nat-traversal" configured on your PIX. This will allow the PIX to detect the use of NAT on the client end and encapsulate the VPN tunnel into UDP packets.

Steve

fragomez · ‎02-12-2005

Indeed you must be using PIX 6.3.3... :-)

One good practice to test if you have routing issues is to enable:

management-access inside

this will give you the chance to ping the inside of the PIX while connected with the VPN client, if you are able to ping then the VPN is working fine, otherwise make sure you do isakmp nat-travesal suggestion above.

If you are able to ping the inside of the PIX but nothing beyond then you are facing either a routing issue or a problem with your crypto acls.

Please send the output of the "show crypto ipsec sa" while doing a continuous ping to the host you are trying to reach.

Finally make sure you have the "sysopt connection permit-ipsec" command on your PIX config.

my two cents...

Frank

ehirsel · ‎02-13-2005

I would also check that the vpn gateway also hands out the proper dns and wins server info to the client, as well as the dns domain name.

dagesh4 · ‎02-17-2005

Sorry, I posted at the wrong messege