RE: EzVPN working in just single way

Dear Joseph,
I verified all of these, and if you don't mind please have a look at what I
have:-

ciscoasa# show run nat
nat (inside) 0 access-list inside_nat0_outbound

ciscoasa# show run access-list inside_nat0_outbound
access-list inside_nat0_outbound extended permit ip any 192.168.150.0
255.255.255.0

ciscoasa# sho run ip local pool
ip local pool bank 192.168.150.20-192.168.150.30 mask 255.255.255.0

MY pc got the IP 192.168.150.20, I can't ping the inside interface of the
ASA,,,, while I can see it arrive to the ASA using show crypo ipsec sa...

Anyone from the inside can ping me.

Regards,
Amin

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Joseph L. Brunner
Sent: Sunday, August 30, 2009 1:26 PM
To: CCIE; ccielab_at_groupstudy.com
Subject: RE: EzVPN working in just single way

Please confirm acl's on the asa inside or other interface facing the
resources.
Please confirm nat is not occurring for your pool address.
Please confirm internal network knows how to get back to the ASA pool
address your leasing.

Please post the results of

Show run nat
Show access-list
Show run access-group

From any internal routers

Post the result of "show ip route <pool ip>

Thanks,

Joe

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of CCIE
Sent: Sunday, August 30, 2009 6:17 AM
To: ccielab_at_groupstudy.com
Subject: EzVPN working in just single way

Hi experts,

I have setup and EzVPN between ASA and VPN client software, the VPN client
can connect and establish a VPN session with the VPN server, the devices
behind the VPN server can ping and access any resources on my PC, but I
still can't access any resource from the server side, even once I run show
crypto ipsec sa it shows me that the server side is getting that traffic and
decrypt it.

Regards,

Amin

Blogs and organic groups at http://www.ccie.net
Received on Sun Aug 30 2009 - 13:51:29 ART