Cisco PIX VPN Clients no Traffic

Discussion in 'Cisco' started by M3ph, Jun 14, 2006.

  1. M3ph

    M3ph Guest

    I have a problem getting this PIX to work well. I have always been
    configuring PIX with VPN client setups, but this time I just can't
    resolve the issue.

    When I set up the VPN connection, all goes well, although traffic is
    not passing to the LAN...

    Below is the output for the VPN clients:

    sh cry ipsec sa
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 3, #pkts decrypt: 3, #pkts verify 3

    sh cry isa sa
    Total : 1
    Embryonic : 0
    dst src state pending created
    195.x.x.1 83.x.x.10 QM_IDLE 0 1

    When I remove the isakmp nat-traversal 20 statement, I get:
    sh cry ipsec sa
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0 #pkts verify 0

    No traffic at all...

    Here's a copy of my VPN config:

    access-list split permit ip 192.168.6.0 255.255.255.0 192.168.123.0 255.255.255.0
    access-list nonat permit ip 192.168.6.0 255.255.255.0 192.168.123.0 255.255.255.0

    ip address outside dhcp setroute retry 4

    global (outside) 1 interface
    global (inside) 1 interface
    global (intf2) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    nat (intf2) 1 0.0.0.0 0.0.0.0 0 0

    sysopt connection permit-ipsec
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto dynamic-map dynmap 10 set transform-set myset
    crypto map mymap 90 ipsec-isakmp dynamic dynmap
    crypto map mymap interface outside
    isakmp enable outside
    isakmp identity address
    isakmp nat-traversal 10
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    vpngroup digicore address-pool ippool
    vpngroup xxx split-tunnel split
    vpngroup xxx idle-time 1800
    vpngroup xxx password ********

    I also tried installing an updated version of the Cisco client, but this
    didn't help much. I can connect to other sites without a problem with
    the same client.
     
    M3ph, Jun 14, 2006
    #1
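
The two "sh cry ipsec sa" outputs in the post above can be read mechanically. This is an added example, not part of the original post: it parses the #pkts counters and reports which direction of the tunnel carries traffic. The function names and the hint texts are assumptions of this example; the hints are general checkpoints, not a diagnosis of the poster's PIX.

```python
import re

# Counter names as printed by PIX "show crypto ipsec sa". The colon is optional
# because the pasted output has both "#pkts encaps: 0" and "#pkts digest 0".
COUNTER_RE = re.compile(
    r"#pkts\s+(encaps|encrypt|digest|decaps|decrypt|verify):?\s+(\d+)")

# The two outputs quoted in the post (NAT-T enabled, then NAT-T removed).
WITH_NAT_T = """\
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 3, #pkts decrypt: 3, #pkts verify 3
"""
WITHOUT_NAT_T = """\
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0 #pkts verify 0
"""

# General troubleshooting checkpoints (wording is this example's own).
HINTS = {
    "inbound-only": "PIX decrypts client packets but encrypts none: check the "
                    "return path (NAT exemption ACL covers the client pool, "
                    "inside hosts route the pool subnet back to the PIX).",
    "outbound-only": "PIX encrypts but receives nothing: check the client side "
                     "and any filtering between client and PIX.",
    "no-traffic": "No ESP in either direction: with NAT-T off, a NAT device in "
                  "the path may drop ESP (IP protocol 50); NAT-T wraps it in UDP 4500.",
    "bidirectional": "Both directions carry traffic.",
}

def parse_counters(text):
    """Return {counter_name: int} for one SA's '#pkts' lines."""
    return {name: int(value) for name, value in COUNTER_RE.findall(text)}

def classify(counters):
    """Name the traffic direction implied by the encaps/decaps counters."""
    sent = counters.get("encaps", 0)      # encrypted by the PIX, sent to the client
    received = counters.get("decaps", 0)  # received from the client and decrypted
    if received and not sent:
        return "inbound-only"
    if sent and not received:
        return "outbound-only"
    return "bidirectional" if sent else "no-traffic"

if __name__ == "__main__":
    for label, sample in (("NAT-T on", WITH_NAT_T), ("NAT-T off", WITHOUT_NAT_T)):
        state = classify(parse_counters(sample))
        print(f"{label}: {state} - {HINTS[state]}")
```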