Cisco easy vpn
So I'm sure we all know the easy aint so easy.. having some issues maybe someone can help with.
I have 2 5505's one as client using client-mode and one as a server.
We can connect the tunnel and I see encaps from my vpn address of 10.30.40.1 - I log into the server and see decaps but I dont see any encaps on the server end or decaps on the client end - so we have a one way traffic issue
===== server
nat (inside) 0 access-list inside_nat0_outbound
access-list ezvpn_splitTunnel standard permit 172.16.30.0 255.255.254.0
access-list inside_nat0_outbound extended permit ip 172.16.30.0 255.255.254.0 10.40.30.0 255.255.255.0
group-policy ezvpn attributes
dns-server value 4.2.2.2 8.8.8.8
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ezvpn_splitTunnel
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
=== client
#pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 5, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
So it looks like the client is encapsulating packets to the server but the server isnt sending them back??
Can someone offer some suggestions? I've rebuilt this thing like 10 times with different ways... rebuilt using the ASDM wizard too and still same issue.
What am I missing? I was thinking that the server was nat'ing but show xlate doesnt show any translations its as if it just drops the packet and looks at the wall.
I have 2 5505's one as client using client-mode and one as a server.
We can connect the tunnel and I see encaps from my vpn address of 10.30.40.1 - I log into the server and see decaps but I dont see any encaps on the server end or decaps on the client end - so we have a one way traffic issue
===== server
nat (inside) 0 access-list inside_nat0_outbound
access-list ezvpn_splitTunnel standard permit 172.16.30.0 255.255.254.0
access-list inside_nat0_outbound extended permit ip 172.16.30.0 255.255.254.0 10.40.30.0 255.255.255.0
group-policy ezvpn attributes
dns-server value 4.2.2.2 8.8.8.8
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ezvpn_splitTunnel
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
=== client
#pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 5, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
So it looks like the client is encapsulating packets to the server but the server isnt sending them back??
Can someone offer some suggestions? I've rebuilt this thing like 10 times with different ways... rebuilt using the ASDM wizard too and still same issue.
What am I missing? I was thinking that the server was nat'ing but show xlate doesnt show any translations its as if it just drops the packet and looks at the wall.
