Solved: VPN doesn't work with the overlap ip address?

weerapatr · ‎02-19-2007

When I connected my adsl router and got ip address is 10.1.1.1/8 then I use remote access vpn terminating on firewall then authentication work fine and got ip address from the pool is 10.7.0.1/16 but I can't access local lan from this if I dialed-up from my pc and got ip address 2x2.102.x.y then I connected remote access vpn and authentication I can access local lan no problem.

It is routing issue on pc with overlap ip or not ???

please clarify or provide helpfull link

Thank

kaachary · ‎02-21-2007

Hi,

It seems like its a nat-t issue.

Make sure the VPN headend has "isakmp nat-t" enabled (if its a PIX) . If a concentrator, please make sure "IPsec NAt-T" is enabled.

Also, make sure, on the client, "Enable Transparent tunneling" is checked, with IPSec over UDP NAT/PAT selected.

HTH,

-Kanishka

View solution in original post

Kamal Malhotra · ‎02-20-2007

Hi,

For further analysis, please do this :

1. Connect via ADSL router.

2. Goto command prompt of the PC and obtain the output of 'route print'.

3. Disconnect and connect via dial-up.

4. Goto command prompt of the PC and obtain the output of 'route print' again.

5. Post both the outputs with correct labels.

I'll try to analyse and respond back.

HTH,

Please rate if it helps.

Regards,

Kamal

kaachary · ‎02-21-2007

Hi,

It seems like its a nat-t issue.

Make sure the VPN headend has "isakmp nat-t" enabled (if its a PIX) . If a concentrator, please make sure "IPsec NAt-T" is enabled.

Also, make sure, on the client, "Enable Transparent tunneling" is checked, with IPSec over UDP NAT/PAT selected.

HTH,

-Kanishka