easyVPN remote problem

Mar 10th, 2007

Setup

- 871 EasyVPN Remote (client mode) connecting to VPN3000
- tunnel comes up fine
- loopback gets an IP from VPN3000 LAN side
- can ping from loopback int to hosts on 3000 LAN side just fine
- can't ping from any other interface
- vlan1 is inside easyVPN, fast4 is outside easyVPN

How do I get the packets to be translated to the IP on the loopback interface in order to travel through the tunnel? Supposedly, easyvpn is supposed to set up NAT/PAT for you.



tsmarcyes Sun, 03/11/2007 - 11:27

I tried to ping from a client connected to the 871. It doesn't work. The only ping that will work is from the loopback interface that has the IP given to it from the 3000. This makes sense of course because the IP is on the same subnet as the LAN side of the 3000.


You said that easyvpn supports NAT, but do you have to explicitly configure it when in client mode or does easyvpn configure it for you?


Here is my config for the 871



johnd2310 Sun, 03/11/2007 - 15:15

Hi,

Your config looks fine. You might need to check the policy on the concentrator. Are you tunneling everything or are you doing split tunnelling? You can check the policy the 871 is receiving using "show crypto ipsec client ezvpn".


tsmarcyes Sun, 03/11/2007 - 16:01

I did the show crypto ipsec client ezvpn and it doesn't show anything about a policy or anything. It shows what interfaces are inside/outside, current peer, current state = active, dns servers, tunnel name...

It says nothing of a policy or what's being tunneled.


Does split tunneling cause problems?

johnd2310 Mon, 03/12/2007 - 03:40


"show crypto ipsec client ezvpn" should show you what settings the 871 is receiving from the concentrator. If you are using split tunneling then the above command should show you what addresses will be tunneled, e.g. the following lines might appear in the output of the above command:


Split Tunnel List: 1
Address : 192.168.200.0
Mask : 255.255.255.0
Protocol : 0x0
Source Port: 0
Dest Port : 0


Check your config on the concentrator.
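
An added example, not part of the thread or any poster's code: a Python sketch that parses the split-tunnel entries out of saved "show crypto ipsec client ezvpn" output and reports whether a destination would be sent through the tunnel. The sample output is constructed; the layout outside the Split Tunnel List fields quoted above, and the rule that an empty list means everything is tunneled, are assumptions.

```python
import ipaddress
import re

# Constructed sample. Only the "Split Tunnel List" field names come from the
# thread; the values, the second entry and the leading Address/Mask pair
# (standing in for the address assigned to the client) are assumptions.
SAMPLE_OUTPUT = """\
Address: 10.0.0.5
Mask: 255.255.255.255
Split Tunnel List: 1
       Address    : 192.168.200.0
       Mask       : 255.255.255.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Split Tunnel List: 2
       Address    : 10.20.0.0
       Mask       : 255.255.0.0
"""

HEADER = re.compile(r"^\s*Split Tunnel List\s*:\s*\d+\s*$")
FIELD = re.compile(r"^\s*(Address|Mask)\s*:\s*(\S+)\s*$")

def parse_split_tunnel(output):
    """Return the networks found under 'Split Tunnel List' headers only."""
    networks, in_entry, address = [], False, None
    for line in output.splitlines():
        if HEADER.match(line):
            in_entry, address = True, None
            continue
        field = FIELD.match(line)
        if not (in_entry and field):
            continue  # skips Address/Mask pairs outside a split-tunnel entry
        key, value = field.groups()
        if key == "Address":
            address = value
        elif address is not None:
            networks.append(ipaddress.ip_network(f"{address}/{value}", strict=False))
            in_entry, address = False, None
    return networks

def is_tunneled(dest, networks):
    """Assumption: with no split-tunnel list pushed, all traffic is tunneled."""
    if not networks:
        return True
    ip = ipaddress.ip_address(dest)
    return any(ip in net for net in networks)
```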


tsmarcyes Tue, 03/13/2007 - 00:39

Guess I'm not using split tunneling because I'm not seeing that when I issue that command.
