I am working with an ASA running 8.x and a Cisco VPN client running 4.6.03.0021. The client connects fine (passes phase 1 and phase 2) and traffic flows downstream of the client, which I have captured. It appears as though the traffic is not returned to the client, as all sessions time out. I have other clients using this same profile without issue. It appears that the clients having the problem all have the following in common:

Physical NIC
    IP Address. . . . . . . . . . . . . : 192.168.2.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :

Cisco Systems VPN Adapter
    IP Address. . . . . . . . . . . . : 172.16.1.25
    Subnet Mask . . . . . . . . . . . : 255.255.255.240
    Default Gateway . . . . . . . . . : 172.16.1.25

You will notice that the Cisco VPN Adapter is given an IP Address and Mask from the ASA via a configured address pool.
I have other Cisco VPN clients running version 3.6.x and 5.x that do not have this issue. I ruled out the common issues (NAT-T, MTU, etc.).
I was hoping someone could confirm or deny whether this IP addressing issue may be the culprit.