Remote access VPN does not work: the VPN client connects but there is no connectivity

Hi all

I configured remote access VPN on a Cisco ASA 5520. The Cisco VPN client connects fine and both phases come up, but the IPsec phase is not encapsulating packets, and I cannot reach the remote subnets 192.168.10.0 and 192.168.180.0.

Kindly help me solve the problem. Here is the relevant config.

Thank you
Mikael

config====================================================================
access-list acl sheep line 20 extended permit ip 192.168.10.0 255.255.255.0 172.23.20.0 255.255.255.128
access-list acl sheep line 20 extended permit ip 192.168.180.0 255.255.255.240 172.23.20.0 255.255.255.128

access-list splitTunnel_raacl line 1 extended permit ip 192.168.10.0 255.255.255.0 any
access-list splitTunnel_raacl line 2 extended permit ip 192.168.180.0 255.255.255.240 any

access-list ra_acl line 1 extended permit ip any 192.168.10.0 255.255.255.0
access-list ra_acl line 2 extended permit ip any 192.168.180.0 255.255.255.240

aaa-server non-retail-VPN protocol tacacs+
aaa-server non-retail-VPN (inside) host 192.168.200.14
 key 3n0cr1ght5
aaa-server non-retail-VPN (inside) host 192.168.10.9
 key 3n0cr1ght5

ip local pool ra 172.23.20.2-172.23.20.125 mask 255.255.255.128

group-policy RAVPN internal
group-policy RAVPN attributes
 vpn-idle-timeout 30
 vpn-filter value ra_acl
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitTunnel_raacl

tunnel-group RAVPN type remote-access
tunnel-group RAVPN general-attributes
 address-pool ra
 default-group-policy RAVPN
tunnel-group RAVPN ipsec-attributes
 pre-shared-key xxxx

crypto ipsec transform-set ravpn-set esp-3des esp-sha-hmac

crypto dynamic-map RAVPN 23 set transform-set ravpn-set

crypto map ENOCMAP 4 ipsec-isakmp dynamic RAVPN
========================================================================

Output
2   IKE Peer: 94.58.71.99
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE

# sh crypto ipsec sa peer 94.58.71.99
peer address: 94.58.71.99
    Crypto map tag: RAVPN, seq num: 23, local addr: x.x.x.x

      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (172.23.20.2/255.255.255.255/0/0)
      current_peer: 94.58.71.99, username: shanilra
      dynamic allocated peer ip: 172.23.20.2

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 117, #pkts decrypt: 117, #pkts verify: 117
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

EDIT: Sorry, I just saw that I read your config wrong. The vpn-filter is OK, but with split tunneling it is still not necessary.

Your vpn-filter ACL is wrong (mixed-up source and destination). Please remove the vpn-filter from your group policy and test again to see if it works. It looks like you want your customers only to reach the two given networks. For this you need the vpn filter anyway, because they are the only networks that are reached in the split-tunnel config.

Sent by Cisco Technical Support iPad App
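
The symptom in the question's output (decaps 117, encaps 0) can be spotted mechanically. The following is an added example, not part of the original thread: it parses `show crypto ipsec sa` text and classifies each SA by which direction its counters moved. The sample output, addresses, usernames and hint texts are constructed; the hints are general starting points, not the thread's diagnosis.

```python
import re

# Constructed sample in the layout of ASA "show crypto ipsec sa" output.
# Addresses and usernames are placeholders; the first SA reuses the counter
# pattern from the thread (encaps 0, decaps 117).
SAMPLE = """\
interface: outside
    Crypto map tag: RAVPN, seq num: 23, local addr: 198.51.100.1
      current_peer: 203.0.113.10, username: user-a
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 117, #pkts decrypt: 117, #pkts verify: 117
    Crypto map tag: RAVPN, seq num: 23, local addr: 198.51.100.1
      current_peer: 203.0.113.20, username: user-b
      #pkts encaps: 842, #pkts encrypt: 842, #pkts digest: 842
      #pkts decaps: 901, #pkts decrypt: 901, #pkts verify: 901
    Crypto map tag: RAVPN, seq num: 23, local addr: 198.51.100.1
      current_peer: 203.0.113.30, username: user-c
      #pkts encaps: 55, #pkts encrypt: 55, #pkts digest: 55
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

PEER = re.compile(r"current_peer:\s*([\d.]+)(?:,\s*username:\s*(\S+))?")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

# General troubleshooting starting points (assumed, not from the thread).
HINTS = {
    "inbound-only": "ASA decrypts but never encrypts: check the return route "
                    "to the pool, NAT exemption and the vpn-filter ACL",
    "outbound-only": "ASA encrypts but receives nothing: check ESP/NAT-T on the path",
    "idle": "no traffic in either direction",
    "ok": "traffic flows both ways",
}

def parse_sas(text):
    """Return one dict per SA (each SA starts at a 'Crypto map tag:' line)."""
    sas = []
    for block in re.split(r"Crypto map tag:", text)[1:]:
        m = PEER.search(block)
        sa = {"peer": m.group(1) if m else None,
              "user": m.group(2) if m else None, "encaps": 0, "decaps": 0}
        for name, value in COUNTER.findall(block):
            sa[name] = int(value)
        sas.append(sa)
    return sas

def diagnose(sa):
    """Classify an SA by which direction its packet counters moved."""
    enc, dec = sa["encaps"], sa["decaps"]
    if enc and dec:
        return "ok"
    if dec:
        return "inbound-only"
    return "outbound-only" if enc else "idle"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        state = diagnose(sa)
        print(f"{sa['peer']} ({sa['user']}): {state} - {HINTS[state]}")
```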

Tags: Cisco Security

Similar Questions

  • After the upgrade yesterday from Vista to Windows 7, now my Cisco VPN does not work and I get an error message titled: grounds 440 driver fault. Any ideas to fix this?

    This was the solution!  The works of vpn as $ 1 million now.  I followed the instructions above to enter the uninstall program and selecting the repair option.  I rebooted the machine, then used the troubleshooting on vpn software compatibility option.  Selected Windows windows xp (service pack 2) as the correct software and cisco vpn client started right up.

    Thanks, Nick!

    Rick

  • I get an error "the server does not support an SSL connection" with a code of error 0x800CCC7D in Outlook express.

    I followed Bruce Hagen and still cannot send to the OE section. Reception is no problem. When I try to send I got the following error msg: "The server does not support an SSL connection. Account: 'pop.att.yahoo.com', server: 'smtp.att.yahoo.com', Protocol: SMTP, server response: ' 250 8BITMIME ', Port: 25, secure (SSL): Yes, Server error: 250, error number: 0x800CCC7D." I tried to change the port for outgoing to 456. When I do so I get this error msg: "Failed to connect to the server. Account: 'pop.att.yahoo.com', server: 'smtp.att.yahoo.com', Protocol: SMTP, Port: 456, secure (SSL): Yes, Socket error: 10060, error number: 0x800CCC0E." Is there a cure for this? It just started two days ago, or at least that's when I noticed I could not send. If you can help me I will appreciate it more. Thank you.

    JP banks

    Original title: cannot send using OE 6. Reception Ok.

    Hi JPBANKS,

     

    Thanks for keeping us posted and share this information with us.

    Glad to know that the problem is solved. Do not hesitate to contact Microsoft Windows Forums for issues related to Windows in the future.

  • Is it possible to access the Microsoft Money 2005 file, if it does not accept your correct connection on the credential?

    Original title: Microsoft Money 2005 file logon.

    Is it possible to have access to your Money 2005 file if it does not accept your correct connection on the credential?

    Hi ChaserUP,

    Have you made changes on the computer before this problem?

    (a) If you use Windows Live ID, you can follow this link & check if the problem persists.

    Errors that you receive when you try to open Money by using your Windows Live ID credentials

    (b) if the problem persists, I recommend you contact Microsoft Money support for assistance.

    Hope this information helps.
    Please post back and let us know.

  • The server does not support an SSL connection to a Hotmail account

    Original title: the server does not support

    The server does not support an SSL connection. Account: 'Hotmail', server: 'smtp.live.com', Protocol: SMTP, server response: 250 OK', Port: 25, secure (SSL): Yes, Server error: 250, error number: 0x800CCC7D

    Your Hotmail account is configured in Windows mail or Windows Live Mail. Yes?
    If the school is "none"... ignore the rest of my answer.

    If so:

    Open Windows mail > tools > accounts > click your hotmail account > properties > advanced. Under outgoing (SMTP) Mail, change the port # 25 to 587 > click OK

    see if it's ok now by sending a test message to yourself.

    t-4-2

  • Windows live mail send error "the server does not support an SSL connection. Server error 250.

    Original title: Windows live mail error send

    Cannot send mail to Windows Live Mail.  Error message... The server does not support an SSL connection. Server error 250. Server - * address email is removed from the privacy *. Windows Live Mail error ID - 0x800CCC7D. SMTP Protocol.  Port 25.

    It's better, thank you. This message is not from the BT Server; It comes from your Avast antivirus which is intercepting your mail. You would be well advised to turn off the Avast Mail shield; It does not add any additional security if you don't by attention elsewhere, and can cause problems.

    I see that it is the record of mail in bulk that because of the problems in this case. Connect to the Web e-mail account and clear the items junk and deleted records.

    BT is recommended to use SSL, but your original question indicated that SSL was not taken in charge for SMTP on port 25. I think we'd better go on all your settings. Recommendations of BT are on this page: BT email: what are the settings for outgoing and incoming mail servers?, but they only work if you disable Avast scanning mail.

    Right-click on the account name in the folders pane, and then select Properties.

    • Under the servers tab, make sure that my server requires authentication is selected.
      Select connect with authentication in clear text.
    • On the Advanced tab, select this server requires a secure connection (SSL) for both servers.
      Make sure that the incoming (IMAP) port is 993 and port for outgoing (SMTP) is 465.

    When you've made all these changes, close Windows Live mail and wait five minutes for the program do its cleaning and save the modified settings. Then, restart the computer and make sure that the Mail of Avast shield is always off.

    Launch Windows Live Mail, then dial a new test message and send it to yourself. Post a new message in your response.

  • the component business project does not contain a valid connection

    Hello

    I get this warning appearing in my project when I run:

    WARNING: env_appln: the business component project does not contain a valid connection

    env_appln is the name of my project

    No one knows what it is and how I would go about fixing of this?

    Thank you
    -Mark

    Mark,
    It just tells you that the DB connection that is used in conjunction with the application module is not correctly configured (wrong username or wrong db pwd).
    Since you have not mentioned the jdev version you use I'll assume that 11g.
    Click the database tab, find the node with the name of your project and open the node. Inside, you will see the db connections uses the module of the application. Right-click on each one and select Properties, check if all directions are written and test the connection. If you see "Test passed" for all connections the error message should disappear.

    Timo

  • How to force the client to connect to the specific access point?

    I have a client that connects to an Access Point to the upper floor.  The connection is "Very low" and pings are restless.  Is there a way to force the client to connect to the point of access on its own soil in the hallway.

    Access Points using 1131AG; WLC2106

    PSK + WPA2

    Thank you

    There is not a way to force the client to use a specific side access point controller of things.  According to the specifications, the client decides when and where to associate.  You can try to disable some of the rates below data or lower power tx of the AP to reduce the coverage of each access point cell.  By doing this, the client cannot see the other as favourable AP.

  • The new version does not see my camera. But my cam works well with older versions. What should I do?

    The new version of Skype does not see my camera. But my cam works well with all older versions. And it works with any other programs as well.

    Try to uninstall the version 6.18 and install version Skype 6.14.0.104.

    You can use this download link for the 6.14.0.104 version:

    http://community.Skype.com/T5/Windows-desktop-client/ASUS-USB2-0-webcam-not-recognized-by-Skype-6-18...

    Don't forget to turn off the automatic updates:

    Tools-> Options-> Advanced-> automatic updates-> turn off automatic updates

  • Where to find a version of service pack 1 xp this need does not have an internet connection to install?

    service pack 1 xp

    The only version I know is the "broken" here:

    As is the case, assume that you can't get it.
    Why do you think you need it? Were you running just a Clean Install? Or you are planning to do this? (And if so, why? It is VERY rarely necessary!)

  • I'm looking for a link to XP SP1 that does not require a network connection to install

    Were you recently doing a Clean Install? I ask because you are implying in your installation of Windows XP is in 'gold' or SP0 (i.e., pre - SP1) level. Well sure, automatic updates will not work!
    You can use this path to level – says in passing:
    Gold XP to XP SP2 to XP SP3.
    Note that installing SP1a is TOTALLY USELESS!
    Here are the detailed instructions:

    1. download the installation of SP2, SP3 and IE8 files. I prefer to keep these on a USB key, but this is optional. Here are the links to all the installation of three files:

    http://www.Microsoft.com/download/en/details.aspx?ID=28 (for SP2)

    http://www.Microsoft.com/download/en/details.aspx?ID=24 (for SP3)

    http://www.Microsoft.com/download/en/details.aspx?displaylang=en&ID=43 (for IE8)

    And if you wish, download the Setup file of a good anti-virus program. I recommend Avira free Antivirus:

    http://www.Avira.com/en/Avira-free-antivirus

    2. disconnect Internet.

    3. temporarily disable the automatic updates.

    4. install SP2. Restart twice.

    5. install the SP3. Restart twice.

    6. switch to IE8. Restart twice.

    7. install an Antivirus software.

    (What happens very often is that someone has their software antivirus running as they try to install SP3, which often translates into chaos! This is why it must be done after installing SP3 and IE).

    8. make sure that firewall Windows is activated (it should be).

    (Now you can physically reconnect to the Internet.)

    9. visit Windows Update to download and install only the critical security updates.

    10. re-enable automatic updates.

    Post back if you need guidance.

  • Computer does not recognize my hdmi connection after sleep

    OT: Audio playback problem
    I am running win7 Home premium 64-bit and use media center to record tv programs, therefore, I use "sleep" mode my problem is when the computer wakes up it does not recognize my hdmi connection [says its unplugged when actually plugged] but returned to s/pdif, I can't activate hdmi in the playback device , the only way I can fix it is to stop and restart and hdmi then returned as default device and s/pdif shows like ready makes me crazy anyone can help

    To clarify, is the problem with the audio or audio and video?

    Try to update your video driver at the latest from the manufacturers Web site.

  • My gmail does not refresh when I connect to my account.

    Original title: gmail is my sign into account but will not regenerate

    my gmail does not refresh when I connect to my account. I know I have mail in my Inbox because it is there on my phone.

    If your gmail email address is your user name Microsoft Account, it is not actually going to receive incoming emails by default.  For example, you can go to www.outlook.com and sign in with your Microsoft Account (your gmail address), but there is no email because the email is really going in the Google Web site.  There is one step more that it takes to get your gmail emails flowing through them so you options for how do.

    1. Configure your Microsoft account to 'pull' your gmail emails
      This method sets the upward so that the Microsoft Account connects to Gmail, downloads email and then displays them on your computer Windows 8.  You make this unique facility of inside Outlook.com.  I've written about how to do it on my blog here (I wrote it for a different purpose, but the steps are identical).

      If you perform this step, you can also delete your Google account from your phone and setup of your phone to synchronize with Outlook.com instead.  You will always get and send emails with your Gmail address, it uses just Outlook as server.

      or

    2. Add your Gmail for Windows 8 Mail App separately
      This option is easier to install, but I do not personally (just because of how Gmail behaves a little different). But there is no problem with him.  I've written about how to do it also with a video demonstration: Use Gmail in Windows 8.

      If you use this option, go to your Mail application settings and uncheck the "E-mail" to your Microsoft Account (the first listed email account) so that you do not have two accounts showing in your email application.

    I would like to know if you have any questions or problems.

  • Does not recognize my internet connection for installation

    never it don't let me do the final registration, because it does not recognize my internet connection

    Needs of Internet cloud

    https://forums.Adobe.com/thread/1549838

  • Desktop Adobe creative cloud does not detect my internet connection?

    I connected with the people from adobe by "contact an agent.

    very useful, they remote managed my office to fix the problem.

    Apparently something to do with permissions not enabled for Adobe; I don't know how and why it is going well, or why it was much earlier and suddenly stopped.

    They insisted it's to do with a wifi connection, but this is not possible because I have my laptop next to my office right and which worked very well.

    It took about four hours to fix, so be patient!
