hienvo
asked on
Cisco VPN Client connected but no traffic
Hi,
My Cisco ASA 5510 has been configured with VPN remote access, which worked well for a long time. Now sometimes some people can establish a VPN via Cisco VPN Client but cannot access any internal resource. I saw in the VPN Session on Cisco ASDM that there is no tx and rx traffic.
Does anyone know what the cause is? Thanks.
Was there any config change when it stopped working, like a change in the pool IPs? It can be a problem with routing within your internal network. If you want to rule out any problem on the ASA,
++give "management-access <inside interface name>" command on ASA
++ensure that the traffic from inside interface ip to pool ip is nat-exempted
++now ping the inside interface ip from the client after connecting
If it pings, there are very few things that can cause a problem:
++check the access-list on the inside interface, if any
++if pool ip is a subset of inside network, give "no sysopt noproxyarp <inside interface name>" command on asa
If they are correct, there must be a problem with the internal routing. You can also confirm it with packet-tracer; give this command on the ASA when the client is connected and paste the full output here:
packet-tracer input <inside interface name> icmp <any ip on inside n/w> 8 0 <ip assigned to client> det
Check your split-tunneling also...
ASKER
Hi all,
Actually there was no change to the configuration or internal routing, because at the same time another user can VPN and work well with the internal resources while the other user has the problem (they are in a different city).
Read my post, please. There were recommendations on how to check possible problems with IP addressing with different providers.
ASKER
@ als315
Yes, I've checked already. I also tried changing the remote site which has the same address as our internal network. The strange thing is that on another network with the same IP address as our internal network it still works well.
Look at the routing table. If it is correct, all should work. Compare the routing tables at the working and problem sites.
show me your asa config
ASKER
I think that when I checked the "Enable IPsec over NAT-T" option, the problem was fixed.
ASKER
joelvp is right, sometimes users need a public IP address so they can VPN successfully.
route /print > c:\route.txt
command and compare results with your addressing
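The routing-table comparison suggested in this thread, as an added example that is not part of the original posts: it parses saved `route print` output from a working and a problem client and reports which interface each would use to reach an inside host. The two tables, the inside host 192.168.1.10 and the 10.10.10.x tunnel addresses are constructed sample values.

```python
import ipaddress

# Constructed samples of the IPv4 "Active Routes" section of `route print`.
WORKING = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.20     25
      192.168.0.0    255.255.255.0         On-link     192.168.0.20    281
      192.168.1.0    255.255.255.0       10.10.10.1      10.10.10.5    100
       10.10.10.0    255.255.255.0         On-link       10.10.10.5    281
"""
PROBLEM = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
      192.168.1.0    255.255.255.0         On-link     192.168.1.50     25
      192.168.1.0    255.255.255.0       10.10.10.1      10.10.10.6    100
       10.10.10.0    255.255.255.0         On-link       10.10.10.6    281
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # headers, separators, IPv6 and persistent-route rows
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append((net, f[2], f[3], int(f[4])))
    return routes

def best_route(routes, host):
    """Longest prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(host)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def egress_interface(text, host):
    """Interface address the client would send traffic for `host` from."""
    route = best_route(parse_routes(text), host)
    return route[2] if route else None

if __name__ == "__main__":
    for name, table in (("working", WORKING), ("problem", PROBLEM)):
        print(name, "->", egress_interface(table, "192.168.1.10"))
```

In the constructed problem table the client's own LAN overlaps the inside network, so traffic for the inside host leaves through the local adapter instead of the tunnel address.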