We help IT Professionals succeed at work.

Cisco VPN Client connected but no traffic

hienvo
hienvo asked
on
1,873 Views
Last Modified: 2012-08-13
Hi,

My Cisco ASA 5510 has configured with VPN remote access were work well long time ago. Now sometime there are some people can established VPN via Cisco VPN Client but cannot access to any internal resource. I saw on the VPN Session on Cisco ASDM there is no tx and rx traffic.

Is anyone know what is cause? Thanks.
Comment
Watch Question

CERTIFIED EXPERT

Commented:
It looks there are routing problems. Some provider networks can have same addressing as your internal network. Ask problem users make (when VPN is connected):
route /print > c:\route.txt
command and compare results with you addressing

Commented:
Was there any config change when it stopped working, like change in pool ips. It can be a problem with routing within your internal network. If you want to rule out any problem on ASA,
++give "management-access <inside interface name>" command on ASA
++ensure that the traffic from inside interface ip to pool ip is nat-exempted
++now ping the inside interface ip from the client after connecting

If it pings, there are very few things that can cause problem:
++check the access-list on the inside interface, if any
++if pool ip is a subset of inside network, give "no sysopt noproxyarp <inside interface name>" command on asa

If they are correct, there must be a problem with the internal routing. You can confirm it by packet-tracer also, give this command on asa when the client is connected and paste the full output here..:

packet-tracer input <inside interface name> icmp <any ip on inside n/w> 8 0 <ip assigned to client> det

Commented:
check you split-tunneling also...
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi all,

Actually there was no change the configuration or internal routing because at same time another user can VPN and work well with the internal resource while the other user have problem (they are in different city).
CERTIFIED EXPERT

Commented:
Read my post, please. There was recommendations how to check possiible problems with IP addressing with different providers.

Author

Commented:
@ als315

Yes, I've checked already. I also try to changed the remote site which have the same address with our internal network. The strange thing is on another network have the same IP address with our internal network it's still work well.
CERTIFIED EXPERT

Commented:
Look to routing table. If it is correct - all should work. Compare routing tables in working and in problem sites
Top Expert 2010

Commented:
show me your asa config

Author

Commented:
I think when I checked on the "Enable IPsec over NAT-T" the problem is fixed.

Author

Commented:
joelvp is right, sometime if user need the public IP address so they can VPN successful.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.