Cisco PIX VPN Clients no Traffic

Discussion in 'Cisco' started by M3ph, Jun 14, 2006.

  1. M3ph

    M3ph Guest

    I have a problem with getting this pix to work good. I always been
    configuring pix with vpn client setup but this time i just cant resolve
    the issue.

    When setup the vpn connection, all goes well. Allthough traffic is not
    passing to the lan...

    below the output of the vpn clients

    sh cry ipsec sa
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 3, #pkts decrypt: 3, #pkts verify 3

    sh cry isa sa
    Total : 1
    Embryonic : 0
    dst src state pending created
    195.x.x.1 83.x.x.10 QM_IDLE 0 1

    When i remove the isakmp nat-traversal 20 statement, i get:
    sh cry ipsec sa
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0 #pkts verify 0

    no traffic at all...

    here's a copy of my vpn config:

    access-list split permit ip
    access-list nonat permit ip

    ip address outside dhcp setroute retry 4

    global (outside) 1 interface
    global (inside) 1 interface
    global (intf2) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0 0
    nat (intf2) 1 0 0

    sysopt connection permit-ipsec
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto dynamic-map dynmap 10 set transform-set myset
    crypto map mymap 90 ipsec-isakmp dynamic dynmap
    crypto map mymap interface outside
    isakmp enable outside
    isakmp identity address
    isakmp nat-traversal 10
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    vpngroup digicore address-pool ippool
    vpngroup xxsx plit-tunnel split
    vpngroup xxx idle-time 1800
    vpngroup xxx password ********

    I also tried installing a updated version of the cisco client, but this
    didnt help much. I can connect to other sites without a problem with
    the same client.
    M3ph, Jun 14, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.