11-13-2006 01:57 PM
I have configured a PIX 501 to support a a VPNclient connection. The client reports a connection and the client stats page page reports an address from the address-pool. I only see encrypted traffic but no decrypted traffic.
The PIX does have 2 ACLs (nonat & vpn3)supporting the link from the pool subnet to the inside subnet. I cannot ping in either direction.
Where do I start puzzling this out? I do have a debug isakmp trace if that is useful.
John G
Solved! Go to Solution.
11-14-2006 06:49 PM
11-13-2006 06:15 PM
John,
What do you see under "show crypto ipsec sa" on the pix. Do you see decrypts and no encrypts or decrypts only.
Can you do a clear xlate and then try to ping something on the inside subnet from the vpn client.
If clear xlate does not resolve the issue, could you post the pix configuration after removing sensitive information.
Regards,
Arul
** Please rate all helpful posts **
11-14-2006 12:45 PM
Arul,
The stats page & show cry ipsec sa both showed no decrypts. The clear xlate resolved the issue and I was able to ping devices on the network.
The Client is up and functioning.
Thank you
John G.
11-14-2006 06:49 PM
John,
Thanks for the update!! Glad the issue is resolved.
Regards,
Arul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide