[Vpn-help] Traffic to Cisco VPN 3000 goes only in one direction
Matthew Grooms
mgrooms at shrew.net
Mon Sep 14 01:48:32 CDT 2009
Martin Emrich wrote:
> Hello!
>
> I just tried to connect to our Cisco 3005 VPN box using both the latest stable and development release. The connection succeeds, but I cannot reach any host trough the connection. I noticed that if I ping a host, the ICMP echo-request reaches the host, but the answer does not get back to the VPN client. What could I do?
>
Hi Martin,
You can look at the IPsec daemon output after setting the log output to
debug and restarting it. If the packet is being received, you should see
output like this ...
-> : send ESP packet x.x.x.x -> y.y.y.y ( 112 bytes )
<- : recv ESP packet y.y.y.y -> x.x.x.x ( 112 bytes )
If you don't see the return packet, I would try to investigate why the
return packets don't reach your host. Sometime older NAT routers have
problems with NAT-T. You could try disabling this and give it another shot.
Hope this helps,
-Matthew
More information about the vpn-help
mailing list