Cisco VPN connects but then no services are available.

Where to start:
I have a situation where by my remote office, 5 machines, connects to head office via Cisco VPN client.
Recently we have been able to make a vpn connection but once connected we have no services available like connecting to servers, internet, network drives, voip phone or even pinging any of the services. We get an IP address on the virtual network adaptor created by vpn connection but then nothing.
After a hec of amount of troubleshooting I swapped out our router, Draytek Vigor 2820, for another 2820. Same problem. I then took my Draytek Vigor from home, that does work, to the office and it works perfectly fine using the 2600 router in the office. I then tried a dlink router and that worked in office as well. So it has something to do with the 2820 router. It has been working fine for months and now recently, having changed nothing on it, it has stopped working for us with Cisco vpn connection. Does anyone have any clues as to why and what I could do on the router to resolve issue or could it be something on the cisco side that needs changing? I have already updated firmware to latest version on router.
Any help / advice would be great appreciated.
Regards,
Ashley

Can you please share the configuration as there might be something that change after the upgrade that might cause the issue.

Similar Messages

OEL 5 - Cisco VPN connects proper, then in a few minutes times out

Issue
I installed the latest Linux Cisco VPN (e.g. on Oracle Enterprise linux)
Error
I get this-->
[user@localhost ~]$ vpnclient connect xyz
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.18-164.el5xen #1 SMP Thu Sep 3 02:41:56 EDT 2009 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Contacting the gateway at xxx.xx.xxx.xxx
Contacting the gateway at xxx.xx.xxx.xxx (balancing)
User Authentication for xyz...
Enter Username and Password.
Username [xyz]:
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
Your VPN connection is secure.
VPN tunnel information.
Client address: xxx.xxx.xxx.xxx
Server address: xxx.xx.xxx.xxx
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is disabled
Secure VPN Connection terminated locally by the Client
Reason: Remote peer is no longer responding.
Disconnecting the VPN connection.
[user@localhost ~]$
Questions
Even when I drop the OEL 5 firewall -- the remote peer will still "no longer respond"
Also, while the VPN is connected, browsers set to the proper proxy and mail do not connect and return data, etc...
Then it just does this -->
Secure VPN Connection terminated locally by the Client
Reason: Remote peer is no longer responding.
Any advise will be appreciated....
Thanks.....
Edited by: mheath on Dec 7, 2009 2:41 PM

1) Note that I do understand that external mail will not work when connected to the vpn, only internal mail
2) When the vpn is connected, the following should work and both "do not work":
a) When pointing to the proper proxy, the browser should display "external pages like google" and internal pages..
b) And, internal imap mail should work - it does not
3) on a windows machine in the same exact subnet/network vpn works fine...?
4) Also, I have had vpn working with ubuntu 9.1x just previously in the same exact subnet/network!
5) ==> Something is not letting the vpn communicate "after" it is connected on the OEL 5 server ?
Thanks...

Cisco vpn connection

I am tryijng to set up a cisco vpn connection.
I tried to do it manually throygh setting set up a vpn connection an by installion a config.
Always i get the message "voer de gebruikersgegevens in" what means in English enter your user contents or something.
I tried everything, setting of my Wifi before configuring
The information I filled in are:
Beschrijving: Optimix VPN
Server: 195.18.88.130
Account: my username
Password: .....
Uses cert: no
Groepsnaam: Optimixmobiel
Geheim: .....
Can somebody tell me what the problem is?
Kindly regards

I have the same problem. I configured My iPhone to connect my PIX trough VPN.
In the first time the first phrase wouldn't succeeded.
But I read this ( http://blogs.oreilly.com/iphone/2008/07/strong-passwords-can-hurt.html ) and that's now not really the problem. (to strong pw)
When I let the iPhone connect I see a popup 'Enter User Authentication' if I chose OK, its gone (I have the Dutch version)
If I see the syslog I see this: Authentication failed for user ''
it looks like the iPhone send an empty user account?
How can we fix this?
Regards,
Dennis Kortekaas
The Netherlands

Safari5.1.8 drops off line, but airport stays connected, but window says you are not connected to internet?

safari5.1.8 drops off line, but airport stays connected, but window says you are not connected to internet? then a couple minutes later it reconnects. I am on an AT&T wireless.

my mac G4 does not have any problem with this. suspect it is safari, airport never drop off or turn off, just safari

Cisco VPN Connection Problems

Hello Everyone,
We're having a problem with the Cisco VPN connection capability in Snow Leopard.
The transaction complains that our shared secret is incorrect. What I believe is happening is that certain assumptions are made about the IKE proposals and encryption etc. There doesn't appear to be a place to tailor these in the connection profile. There may be at the system level (which I'm unaware of).
Has anyone else experienced this problem?
I believe the same problem applies to the iPhone's Cisco VPN connector.
Furthermore, Cisco is not providing Snow-Leopard IPSec home-to-network clients any longer; they are promoting the AnyConnect SSL VPN instead, for which they have a BETA build available specifically for Snow Leopard.
So this reduces our options (yes, I'm working on VPNTracker).
Thank you.

It is a known limitation that you are only able to establish a single VPN connection to the same VPN server through a router doing NAT like yours.
What client exactly do you use and what settings did you define there?

TS3212 I am trying to download itunes to PC and it downloads but then says Service Apple Mobile Device failed to restart. Verify sufficient privileges to start system services. What do I need to do? I am an Administrator on the PC so what else needs atten

I am trying to download itunes to PC and it downloads but then says Service Apple Mobile Device failed to restart. Verify sufficient privileges to start system services. What do I need to do? I am an Administrator on the PC so what else needs attention?

Hi txatxo
Thanks for using Apple Support Communities. You may need to restart the Apple Mobile Device Service. This article has instructions for doing this:
How to restart the Apple Mobile Device Service (AMDS) on Windows
http://support.apple.com/kb/ts1567
If that doesn't resolve the issue, I would recommend trying a thorough uninstall and reinstall of iTunes as described here:
Removing and reinstalling iTunes and other software components for Windows Vista, Windows 7, or Windows 8
http://support.apple.com/kb/HT1923
Cheers,
- Ari

TS3367 I am trying to FaceTime from my iPhone5 as well as my iPad 2 and it keeps saying that it's connect but then a message saying FaceTime unavailable pops up. How do I fix this?

I am trying to FaceTime from my iPhone5 as well as my iPad 2 and it keeps saying that it's connect but then a message saying FaceTime unavailable pops up. How do I fix this?

I am having the same issue... Please advise...
I avidly use facetime DAILY and for about 3-4 days now, whenever I try and send or receive facetime request it hangs up immediately without ever picking up. This is happening on all my devices and with everyone and doesn't matter what network/ wifi I'm connected to. This is definitely a network issue with individual profiles...

Hi, how do i share big files using the creative cloud , it says download the crative cloud connection, but then sends me nowhere that says that

hi, how do i share big files using the creative cloud , it says download the crative cloud connection, but then sends me nowhere that says that

Hi Jonty, check the file size limit: Creative Cloud Desktop application FAQ
You can also check the details around sharing and collaborating files: Sync and share files and folders with collaborators | Adobe Creative Cloud tutorials
Atul_Saini

My wifi usually automatically hooks up my other home's wifi, but i went away for a while and it hasnt connected so i tried to put the password in again, and it said it was connected but then it just lets it go. And it is refusing to work.

My wifi usually automatically hooks up my other home's wifi, but i went away for a while and it hasnt connected so i tried to put the password in again, and it said it was connected but then it just lets it go. And it is refusing to work.

Using FaceTime http://support.apple.com/kb/ht4319
Troubleshooting FaceTime http://support.apple.com/kb/TS3367
The Complete Guide to FaceTime: Set-up, Use, and Troubleshooting Problems
http://tinyurl.com/32drz3d
 Cheers, Tom

IPSEC Cisco VPN connection. Modifying default VPN gateway allows internet traffic but loses access to VPN

Hello!!
I'm using the IPSEC Cisco VPN Network property to connect to my company.
Once I get connected, I lose internet access, because all the traffic is redirected through the tunnel and I want both, of course.
If I modify the default getaway in the routing table, with this command
route change default x.x.x.x, where this is the getaway IP when not connected to the VPN,
I gain access to internet, but I lose access through the VPN tunnel.
I was reading about it in google, and what I have to do is to add a static route to the VPN again, but I don't know how.
Could you please help me?
thanks in advance!!

Hi Norbert,
I am sorry to say that configuring routes in Azure Virtual network is not supported. I recommend you to submit your reuqirement on Azure Feedback and hope it would be released soon:
http://feedback.azure.com/forums/217313-networking-dns-traffic-manager-vpn-vnet
Best regards,
Susie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

I lost my ipod touch and it is connected to the internet but the location services are turned off anyway i could turn them on??

Hi, I was wondering if anybody here knows how to turn on location services without the ipod in your hand it is connected through find my iphone and it says its online but location services are turned off if anybody here knows or think they know it would be greatly appreciated

No.
- If you previously turned on the FIndMyiPod feature and location service is on, and wifi is on and connected go to iCloud, sign in, and go to FindMyiPhone. It the iPod has been restored it will never show up.
- Report to police and change the passwords fro all accounts used on the iPod.
- Apple will not help
Reporting a lost or stolen Apple product

VPN connects but No Ping; AFP; or SMB

Folks;
All Mac's are fully updated Tiger or Tiger Server {running dual NIC's w/ NAT;DNS;DCHP;VPN;AFP;Firewall;Windows;DNS}
I can connect using the client's IntenetConnet L2TP mechanism and the clock ticks away...
But once connected I cannot mount shares or ping.
I have verfied that these shares can be mounted if connected NOT thru the VPN.
I have read a long thread here from last year and based on that have implemented firewall rules for allowing all traffic (TCP & UPD) (In or Out) for ppp* to 19.168.2.0/24 and for 192.168.2.0/24 to ppp* {4 rules total}
I have not made any Network Routing Definitions in the VPN settings
Help Please!
How do you debug this? Where is the best documentation to read on this?
I'm going nuts!
Steve

Start by enabling logging of denied packets in the firewall settings.
Then: what IP are you trying to use to get at the server services (you should use the NATed LAN IP)?
Also the remote client must not be connecting from a network which are using the same IP range as the server LAN.
And VPN client IPs must be part of the LAN IP range.

Cisco VPN connection just 'hangs', during connection.

Hello all.
I have installed Cisco VPN Client 4.6.00.0045, every so often when I try to connect it, it prompts for the username and password, which I enter, then it appears to try and connect but nothing, I have left it and left it for over 1hr at times, to see is its just slow, but nothing.
If I try and click on the Cancel Connection option, it doesnt cancel, if I use Task Manager, to end task it doesnt, the only way I appear to be able to 'get the system running' is by restarting the workstation.
My workstation is on a works network, other PCs are able to connect using the same VPN details, so it cant be Firewall etc...
My PC is running XP Pro SP2
Any ideas on what could be the problem?
Extract from a screen shot and logs belows;
Securing communications channel
Initializing the connection
Contacting the security gateway at xxx.xxx.xxx.xxx?
Authenticating user
Contacting the security gateway at xxx.xxx.xxx.xxx?
Negotiating security policies
Securing communications channel
64 06:46:59.335 06/13/07
Assigned VA private interface addr xx.xx.xx.xxx

Have been having the same issue for several months. Similar configuration with XP Pro (SP3 now) using VPN Client 5.0.02.0090.
When the VPN client hangs, the svchost.exe uses up 100% of the CPU and a reboot is the only solution. Sometimes it take 5 or 6 reboots before the VPN will connect.
If I wait long enough after the initial login, I can usually connect but this does not always help. If I wait too long, however, or run other programs before I start the VPN Client, it will hang. If the system disconnects for some reason, the VPN client usually hangs on the reconnect.
I've been looking for an answer to this problem for some time now and this is the fist place I've seen where another user was experiencing the same issue.

ASA 5505 IPSEC VPN connected but can't access to LAN

ASA : 8.2.5
ASDM: 6.4.5
LAN: 10.1.0.0/22
VPN Pool: 172.16.10.0/24
Hi, we purcahsed a new ASA 5505 and try to setup IPSEC VPN via ASDM; i just simply run the Wizards, setup vpnpool, split tunnelling,etc.
I can connect to the ASA by using cisco VPN client and internet works fine on the local PC, but it cannot access to the LAN (can't ping. can't remote desktop). I tried the same thing on our Production ASA(those have both Remote VPN and Site-to-site VPN working), the new profile i created worked fine.
Below is my configure, do I mis-configure anything?
ASA Version 8.2(5)
hostname asatest
domain-name XXX.com
enable password 8Fw1QFqthX2n4uD3 encrypted
passwd g9NiG6oUPjkYrHNt encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.1.253 255.255.252.0
interface Vlan2
nameif outside
security-level 0
ip address XXX.XXX.XXX.XXX 255.255.255.240
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name vff.com
access-list vpntest_splitTunnelAcl standard permit 10.1.0.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.252.0 172.16.10.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging asdm informational
logging device-id hostname
logging host inside 10.1.1.230
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 172.16.10.1-172.16.10.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server AD protocol nt
aaa-server AD (inside) host 10.1.1.108
nt-auth-domain-controller 10.1.1.108
http server enable
http 10.1.0.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.1.0.0 255.255.252.0 inside
ssh timeout 20
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy vpntest internal
group-policy vpntest attributes
wins-server value 10.1.1.108
dns-server value 10.1.1.108
vpn-tunnel-protocol IPSec l2tp-ipsec
password-storage disable
ip-comp disable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpntest_splitTunnelAcl
default-domain value XXX.com
split-tunnel-all-dns disable
backup-servers keep-client-config
address-pools value vpnpool
username admin password WeiepwREwT66BhE9 encrypted privilege 15
username user5 password yIWniWfceAUz1sUb encrypted privilege 5
username user3 password umNHhJnO7McrLxNQ encrypted privilege 3
tunnel-group vpntest type remote-access
tunnel-group vpntest general-attributes
address-pool vpnpool
authentication-server-group AD
authentication-server-group (inside) AD
default-group-policy vpntest
strip-realm
tunnel-group vpntest ipsec-attributes
pre-shared-key BEKey123456
peer-id-validate nocheck
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4
: end

I change a Machine's gateway to this ASA and capture again, now we can see some reply.
All ohter PCs and switches gateway are point to another ASA, maybe that's the reason why i didn't work?
what's the recommanded way to make our LAN to have two 2 gateways(for load balance or backup router, etc)?
add two gateways to all PCs and swtichwes?
1: 18:15:48.307875 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   2: 18:15:49.777685 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   3: 18:15:51.377147 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   4: 18:15:57.445777 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   5: 18:15:58.856324 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   6: 18:16:00.395090 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   7: 18:16:06.483464 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   8: 18:16:08.082805 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
   9: 18:16:09.542406 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
10: 18:16:20.640424 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
11: 18:16:20.642193 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
12: 18:16:21.169607 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
13: 18:16:21.171210 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
14: 18:16:22.179556 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
15: 18:16:22.181142 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
16: 18:16:23.237673 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
17: 18:16:23.239291 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
18: 18:16:27.676402 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
19: 18:16:29.246935 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
20: 18:16:30.676921 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
21: 18:16:49.539660 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
22: 18:16:54.952602 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
23: 18:17:04.511463 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request

VPN connects but unable to access resources on remote network

HI,
I'm able to ping the ASA interface once the VPN is connected but unable to access any of the resources located on the remote network such as shares and computers. The cisco vpn client shows data being sent and recieved when I ping the interface on the ASA but it doesn't recieve any data when I attempt to ping or access other resources on the network.
ASA Version 8.2(5)
hostname HOST_NAME
domain-name default.domain.invalid
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
speed 10
duplex half
interface Ethernet0/4
speed 100
duplex full
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.10.8.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 12.x.x.x x.x.x.x
boot system disk0:/asa825-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 10.10.8.2
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Vipre tcp
port-object range 18082 18082
port-object range 18086 18086
object-group network town
network-object 192.168.0.0 255.255.0.0
access-list outside_20_cryptomap extended permit ip 10.10.8.0 255.255.255.0 192.168.0.0 255.255.252.0
access-list new extended permit ip host 192.168.0.1 any
access-list new extended permit ip any host 192.168.0.1
access-list outside_20_cryptomap_1 extended permit ip 10.10.8.0 255.255.255.0 192.168.0.0 255.255.252.0
access-list townoffice_splitTunnelAcl standard permit 10.10.8.0 255.255.255.0
access-list townremote_splitTunnelAcl standard permit 10.10.8.0 255.255.255.0
access-list outside_access_in extended permit tcp any interface outside object-group Vipre
access-list outside_access_in extended permit tcp any object-group Vipre interface inside object-group Vipre
access-list outside_access_in extended permit tcp any eq 3389 10.10.8.0 255.255.255.0 eq 3389
access-list test extended permit ip host 192.168.0.6 host 10.10.8.155
access-list test extended permit ip host 10.10.8.155 host 192.168.0.6
access-list test extended permit ip host 10.10.8.2 host 192.168.3.116
access-list test extended permit ip host 192.168.3.116 host 10.10.8.2
access-list test extended permit ip host 10.10.8.155 host 192.168.3.116
access-list bypass extended permit ip host 10.10.8.155 host 192.168.3.116
access-list bypass extended permit tcp 192.168.0.0 255.255.0.0 10.10.8.0 255.255.255.0
access-list bypass extended permit tcp 10.10.8.0 255.255.255.0 192.168.0.0 255.255.0.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn 10.10.8.125-10.10.8.149 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (inside) 1 interface
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 18082 10.10.8.2 18082 netmask 255.255.255.255
static (inside,outside) tcp interface 18086 10.10.8.2 18086 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 10.10.8.2 3389 netmask 255.255.255.255
static (inside,inside) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
static (inside,inside) 10.10.8.0 10.10.8.0 netmask 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 12.70.119.65 1
route inside 192.168.0.0 255.255.0.0 10.10.8.250 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http outside
http outside
http inside
http outside
http inside
http outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address outside_20_cryptomap_1
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 69.87.150.118
crypto map outside_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 30
telnet 10.10.8.0 255.255.255.0 inside
telnet timeout 5
ssh 63.161.207.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
dhcpd dns 10.8.8.2
dhcpd address 10.10.8.150-10.10.8.200 inside
dhcpd dns 10.10.8.2 interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy aaa internal
group-policy aaa attributes
dns-server value 10.10.8.2 4.2.2.2
vpn-tunnel-protocol IPSec
default-domain value domainname
group-policy bbb internal
group-policy bbb attributes
wins-server value 10.10.8.2
dns-server value 10.10.8.2
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelall
split-tunnel-network-list value townoffice_splitTunnelAcl
default-domain value domainname.local
group-policy townremote internal
group-policy townremote attributes
wins-server value 10.10.8.2
dns-server value 10.10.8.2 4.2.2.2
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value townremote_splitTunnelAcl
default-domain value domainanme
group-policy remote internal
group-policy remote attributes
wins-server value 10.10.8.2
dns-server value 10.10.8.2
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value townremote_splitTunnelAcl
default-domain value dksecurity.local
address-pools value vpn
username xxxx password . encrypted privilege 15
username xxxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxxx password . encrypted privilege 15
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx password encrypted privilege 15
username xxxx attributes
vpn-group-policy remote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy remote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy remote
username xxxx password encrypted privilege 15
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy remote
tunnel-group 69.87.150.118 type ipsec-l2l
tunnel-group 69.87.150.118 ipsec-attributes
pre-shared-key *****
tunnel-group remote type remote-access
tunnel-group remote general-attributes
address-pool vpn
default-group-policy townremote
tunnel-group townremote ipsec-attributes
pre-shared-key *****
isakmp keepalive disable
tunnel-group townremote type remote-access
tunnel-group townremote general-attributes
address-pool vpn
default-group-policy townremote
tunnel-group lansingremote ipsec-attributes
pre-shared-key *****
class-map tcp-bypass
match access-list bypass
class-map test
match access-list new
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
no dns-guard
no protocol-enforcement
no nat-rewrite
policy-map global_policy
class test
class inspection_default
policy-map tcp
class tcp-bypass
set connection random-sequence-number disable
set connection advanced-options tcp-state-bypass
service-policy global_policy global
service-policy tcp interface inside
prompt hostname context
call-home reporting anonymous prompt 2
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c724d6744097760d94a7dcc79c39568a
: end

You need to change the VPN pool ip subnet to something other than the same ip range used on the inside interface.
Sent from Cisco Technical Support iPad App

Cisco VPN connects but then no services are available.

Similar Messages

Maybe you are looking for