Solved: VPNClient connects but network links fail

john.graves · ‎11-13-2006

I have configured a PIX 501 to support a a VPNclient connection. The client reports a connection and the client stats page page reports an address from the address-pool. I only see encrypted traffic but no decrypted traffic.

The PIX does have 2 ACLs (nonat & vpn3)supporting the link from the pool subnet to the inside subnet. I cannot ping in either direction.

Where do I start puzzling this out? I do have a debug isakmp trace if that is useful.

John G

ajagadee · ‎11-14-2006

John,

Thanks for the update!! Glad the issue is resolved.

Regards,

Arul

View solution in original post

ajagadee · ‎11-13-2006

John,

What do you see under "show crypto ipsec sa" on the pix. Do you see decrypts and no encrypts or decrypts only.

Can you do a clear xlate and then try to ping something on the inside subnet from the vpn client.

If clear xlate does not resolve the issue, could you post the pix configuration after removing sensitive information.

Regards,

Arul

** Please rate all helpful posts **

john.graves · ‎11-14-2006

Arul,

The stats page & show cry ipsec sa both showed no decrypts. The clear xlate resolved the issue and I was able to ping devices on the network.

The Client is up and functioning.

Thank you

John G.

ajagadee · ‎11-14-2006

John,

Thanks for the update!! Glad the issue is resolved.

Regards,

Arul