Re: EzVPN working in just single way

Please post the output of

show crypto ipsec sa (removing any senstive information) from the ASA

Also on the VPN client's 'statistics' do you see both encr and decr cout
increase (when you ping)?

2009/8/30 CCIE <ccie_at_axizo.com>

> Even I tried.. I tried to ping 10.0.2.1 hnot working.
>
> While 10.0.2.1 can ping 192.168.150.20 hWorks perfectly
>
>
>
> *From:* Farrukh Haroon [mailto:farrukhharoon_at_gmail.com]
> *Sent:* Sunday, August 30, 2009 1:56 PM
> *To:* CCIE
> *Cc:* Joseph L. Brunner; ccielab_at_groupstudy.com
> *Subject:* Re: EzVPN working in just single way
>
>
>
> Don't try to ping the ASA IP itself, try to ping any other server on the
> inside.
>
> On Sun, Aug 30, 2009 at 1:51 PM, CCIE <ccie_at_axizo.com> wrote:
>
> Dear Joseph,
> I verified all of these, and if you don't mind please have a look at what I
> have:-
>
> ciscoasa# show run nat
> nat (inside) 0 access-list inside_nat0_outbound
>
> ciscoasa# show run access-list inside_nat0_outbound
> access-list inside_nat0_outbound extended permit ip any 192.168.150.0
> 255.255.255.0
>
> ciscoasa# sho run ip local pool
> ip local pool bank 192.168.150.20-192.168.150.30 mask 255.255.255.0
>
> MY pc got the IP 192.168.150.20, I can't ping the inside interface of the
> ASA,,,, while I can see it arrive to the ASA using show crypo ipsec sa...
>
> Anyone from the inside can ping me.
>
>
> Regards,
> Amin
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>
> Joseph L. Brunner
> Sent: Sunday, August 30, 2009 1:26 PM
> To: CCIE; ccielab_at_groupstudy.com
> Subject: RE: EzVPN working in just single way
>
> Please confirm acl's on the asa inside or other interface facing the
> resources.
> Please confirm nat is not occurring for your pool address.
> Please confirm internal network knows how to get back to the ASA pool
> address your leasing.
>
> Please post the results of
>
> Show run nat
> Show access-list
> Show run access-group
>
> From any internal routers
>
> Post the result of "show ip route <pool ip>
>
> Thanks,
>
> Joe
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> CCIE
> Sent: Sunday, August 30, 2009 6:17 AM
> To: ccielab_at_groupstudy.com
> Subject: EzVPN working in just single way
>
> Hi experts,
>
>
>
> I have setup and EzVPN between ASA and VPN client software, the VPN client
> can connect and establish a VPN session with the VPN server, the devices
> behind the VPN server can ping and access any resources on my PC, but I
> still can't access any resource from the server side, even once I run show
> crypto ipsec sa it shows me that the server side is getting that traffic
> and
> decrypt it.
>
>
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature
> database 4314 (20090807) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature
> database 4314 (20090807) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Aug 30 2009 - 14:03:45 ART