Cisco Router - Dynamic IPSec VPN Clients cannot communicate with each other

Unanswered Question
Apr 2nd, 2007

Hi all,

First time post and hope someone can help me! I have been dealing with a problem on our 1751 router which has been ongoing for some time.

The router is running 12.3(2) K9 IOS and is configured for dynamic VPN IPsec connections. Remote users use Cisco VPN client software v 4.0.5. (Please see attached diagram for more details.)

The VPN connections work fine; we can access the .42.0/24 and .60.0/24 networks and can also access the Internet through the tunnel.

The problem is one client connected via VPN cannot ping another client connected via the VPN.

We need this functionality in order to utilise softphones between connected users.

The router hands out addresses from the subnet.

I have included a config of our router and a network diagram below.

Can anyone please tell me where I am going wrong? I have been trying for months to resolve this!

Many, many thanks in advance


didyap Fri, 04/06/2007 - 08:55

I think you need to add NAT transparency in your router config. Also enable IPSec over NAT-T.

jimw25 Mon, 04/09/2007 - 11:15

Thanks for your reply didyap,

Do you know of any good config guides for what I need?


stefan.jones Sun, 04/15/2007 - 10:05

I think the NAT overload is still affecting this traffic from mobile user to mobile user. This traffic still goes through the Dialer interface both ways.

This is definitely the case if you see receive errors incrementing on the client statistics.

Make sure you deny NAT to and from the .50.x network?
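
An added example, not part of the thread or the poster's configuration: a Python check that walks a numbered NAT overload ACL top-down and reports whether traffic between two networks would be translated, which is what the last reply asks to verify for the VPN pool. The sample config, the 10.0.x.x addresses, ACL 101 and Dialer1 are constructed placeholders; named ACLs, route-maps and non-contiguous wildcards are not handled.

```python
import ipaddress
import re

# Constructed sample: addresses, ACL number and Dialer1 are placeholders,
# not values from the poster's router.
SAMPLE_CONFIG = """\
ip nat inside source list 101 interface Dialer1 overload
access-list 101 deny ip 10.0.42.0 0.0.0.255 10.0.50.0 0.0.0.255
access-list 101 permit ip any any
"""
# Same config with a pool-to-pool exemption placed ahead of the permit.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "access-list 101 permit ip any any",
    "access-list 101 deny ip 10.0.50.0 0.0.0.255 10.0.50.0 0.0.0.255\n"
    "access-list 101 permit ip any any",
)

NAT_RE = re.compile(r"^ip nat inside source list (\d+) interface \S+ overload", re.M)


def _take_net(tok):
    """Consume one ACL address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # IOS wildcard -> netmask by inverting the bits (contiguous masks only).
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tok[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[0]}/{mask}", strict=False), tok[2:]


def nat_verdict(config, src, dst):
    """Return 'translated' or 'exempt' for src->dst under the overload ACL."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    m = NAT_RE.search(config)
    if not m:
        return "exempt"  # no overload rule bound to a numbered ACL
    ace_re = re.compile(rf"^access-list {m.group(1)} (permit|deny) ip (.+)$", re.M)
    for action, rest in ace_re.findall(config):  # first match wins, top down
        ace_src, rest = _take_net(rest.split())
        ace_dst, _ = _take_net(rest)
        # A deny exempts only if it covers the whole pair; a permit that
        # overlaps at all means some of the traffic is translated.
        if action == "deny" and src.subnet_of(ace_src) and dst.subnet_of(ace_dst):
            return "exempt"
        if action == "permit" and src.overlaps(ace_src) and dst.overlaps(ace_dst):
            return "translated"
    return "exempt"  # implicit deny at the end of the ACL
```

Run `nat_verdict` with the VPN pool as both source and destination, then again for each internal network paired with the pool in both directions.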

