11-29-2006 02:52 PM
I have an ASA5500, and I have an outside user using the Cisco VPN client to remote access into my network. They are able to connect and get an IP address from the pool, but they are unable to ping or VNC any devices inside my network. I have static routes on my cores and WAN routers pointing back to the ASA. From the inside of my network I am also unable to ping any of the remote clients' IP addresses. Any thoughts?
11-29-2006 08:42 PM
Is this the only user having connectivity issues, or all users? Can you look under the statistics for packets Tx and Rx, and also look at "show crypto ipsec sa" and check for packets encrypted/decrypted?
Also, please post the configuration if possible.
Regards,
Arul
** Please rate all helpful posts **
11-30-2006 02:38 AM
Could you tell me whether the pool range is in the same range as the inside network or not?
Regards
Mozaffari
11-30-2006 07:34 AM
Are the remote users behind a NAT device? Possibly a NAT-T issue.
12-11-2006 04:31 PM
Darrick,
We had the same issue and it was down to the client's router. This was resolved by upgrading firmware on the router. (BT Voyager 220V).
12-11-2006 11:41 PM
Usually there are two things to check for in these situations:
1. NAT traversal: check that the command "isakmp nat-traversal" is configured.
2. nat 0: make sure that you have the VPN pool configured in the nat 0 access list.
Check the following:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/basclnt.htm#wp1062497
or the following configuration example:
HTH
Shadi
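The two checks listed in the post above, as an added example that is not part of the original thread: a Python sketch that audits a saved ASA running-config for NAT traversal and for a nat 0 access list covering the VPN pool. The sample config, the names `vpnpool` and `nonat`, and all addresses are constructed, and only the plain `permit ip <src> <mask> <dst> <mask>` access-list form is parsed.

```python
import ipaddress
import re

# Constructed sample of an ASA 7.x style running-config (not from the thread).
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.100.1-192.168.100.50
access-list nonat extended permit ip 10.1.0.0 255.255.0.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list nonat
isakmp nat-traversal 20
"""

def audit(config):
    """Return a list of findings for the two checks named in the post."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    # Check 1: NAT traversal enabled ("isakmp nat-traversal", or the
    # "crypto isakmp nat-traversal" spelling used by later releases).
    if not any(re.match(r"(crypto )?isakmp nat-traversal\b", l) for l in lines):
        findings.append("nat-traversal not enabled")
    # Names of access lists bound to a "nat (<if>) 0 access-list <name>" rule.
    exempt = {m.group(1) for l in lines
              if (m := re.match(r"nat \(\S+\) 0 access-list (\S+)", l))}
    # Destination networks permitted by those access lists.
    dests = []
    for l in lines:
        m = re.match(r"access-list (\S+) (?:extended )?permit ip "
                     r"(\S+) (\S+) ([\d.]+) ([\d.]+)$", l)
        if m and m.group(1) in exempt:
            dests.append(ipaddress.ip_network(
                f"{m.group(4)}/{m.group(5)}", strict=False))
    # Check 2: every address pool must fall inside an exempted destination.
    for l in lines:
        m = re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", l)
        if not m:
            continue
        first, last = (ipaddress.ip_address(a) for a in m.group(2, 3))
        if not any(first in n and last in n for n in dests):
            findings.append(f"pool {m.group(1)} not covered by nat 0 access list")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "both checks pass")
```
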