Cisco Remote Client VPN - Cannot connect to resources

I have a user trying to access our central resources using a Cisco Remote VPN client.

The client is connecting to a PIX515E

The VPN connects successfully and I can see the connection on the PIX, but the remote user cannot access the devices behind my PIX.

If I do a "sh crypto ipsec sa" I can see his connection listed but it shows only outbound traffic and nothing inbound. My other users on the same client to the same box are currently working with no problems.

Any ideas what the problem might be, or how I can further diagnose it?


   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.254.1/255.255.255.255/0/0)
   current_peer: xx.xx.xx.xx:60243
   dynamic allocated peer ip: 192.168.254.1

     PERMIT, flags={}
    #pkts encaps: 67, #pkts encrypt: 67, #pkts digest 67
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: yy.yy.yy.yy, remote crypto endpt.: xx.xx.xx.xx
     path mtu 1500, ipsec overhead 56, media mtu 1500
     current outbound spi: 1b1501b9

     inbound esp sas:
      spi: 0x78734a2f(2020821551)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 54, crypto map: intamap
        sa timing: remaining key lifetime (k/sec): (4608000/27335)
        IV size: 8 bytes
        replay detection support: Y


     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:
      spi: 0x1b1501b9(454361529)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 53, crypto map: intamap
        sa timing: remaining key lifetime (k/sec): (4607997/27335)
        IV size: 8 bytes
        replay detection support: Y


     outbound ah sas:


     outbound pcp sas:





ccfcfcAsked:

ccfcfcAuthor Commented:
Additional info.....

I notice the following line in the above IPSec info.

current_peer: xx.xx.xx.xx:60243

On all of my other remote clients that are currently connected and working, this line is shown as using port 500. I'm guessing that may be part of the issue?
0
ccfcfcAuthor Commented:
Sorted.

I didn't have NAT-traversal enabled.
0
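The check this thread arrived at by hand, as an added example that is not part of the original posts: a Python parser for "sh crypto ipsec sa" output that flags any SA with encaps but zero decaps whose current_peer port is not 500, the pattern that pointed to the missing NAT traversal here. The first SA in the sample is trimmed from the output posted in the question; the second peer (zz.zz.zz.zz, 192.168.254.2) and the function names are constructed for illustration.

```python
import re

# Trimmed from the output posted in the question, plus one constructed
# working peer (zz.zz.zz.zz, 192.168.254.2) for contrast.
SAMPLE = """\
   remote ident (addr/mask/prot/port): (192.168.254.1/255.255.255.255/0/0)
   current_peer: xx.xx.xx.xx:60243
    #pkts encaps: 67, #pkts encrypt: 67, #pkts digest 67
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
   remote ident (addr/mask/prot/port): (192.168.254.2/255.255.255.255/0/0)
   current_peer: zz.zz.zz.zz:500
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest 120
    #pkts decaps: 98, #pkts decrypt: 98, #pkts verify 98
"""

PEER = re.compile(r"current_peer:\s*(\S+):(\d+)")
REMOTE = re.compile(r"remote ident .*?:\s*\(([^/]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Split the output into one dict per SA, starting at each 'remote ident' line."""
    sas = []
    for line in text.splitlines():
        if m := REMOTE.search(line):
            sas.append({"client_ip": m.group(1), "encaps": 0, "decaps": 0})
        elif not sas:
            continue  # lines before the first SA carry nothing we need
        elif m := PEER.search(line):
            sas[-1]["peer"], sas[-1]["port"] = m.group(1), int(m.group(2))
        else:
            for name, value in COUNT.findall(line):
                sas[-1][name] = int(value)
    return sas

def suspect_nat(sas):
    """SAs that send but never receive, with a peer port other than IKE's UDP 500."""
    return [sa for sa in sas
            if sa["encaps"] > 0 and sa["decaps"] == 0 and sa.get("port", 500) != 500]

if __name__ == "__main__":
    for sa in suspect_nat(parse_sas(SAMPLE)):
        print(f"{sa['client_ip']} via {sa['peer']}:{sa['port']}: "
              f"encaps={sa['encaps']} decaps={sa['decaps']}; check NAT traversal")
```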