My project involves SOHO 871 routers connecting to a headend 3845 router over an unencrypted MPLS network for data communication. Client PCs behind the 871 router at a remote site need to run the Cisco VPN client and connect to the headend 3845 so that they can access information behind the core 6506 switch.
To minimize the setup, I would like to prepare a single VPN profile for all remotes. Therefore, I plan to use the lo0 interface for VPN termination. However, I found that when the VPN connection is up over the lo0 interface, the remote client PC can "ping" lo0 only and cannot "ping" any other IP address. When I establish the connection to an interface IP address on the 3845 router instead, the connection works fine.
I have attached my VPN config and the diagram. Can anyone help?
You need to change your split-tunnel ACL to:
ip access-list extended FEHD_VPN
remark *** Outbound VPN client traffic ***
permit ip 10.0.0.0 0.255.255.255 10.65.215.0 0.0.0.255
Note: I'm not sure what the purpose of 'permit ip host 0.0.0.0 host 0.0.0.0' is.
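To make the split-tunnel ACL semantics concrete, here is an added example (not from the original thread or either poster) that parses Cisco-style wildcard-mask ACEs and evaluates which source/destination pairs the suggested ACL permits. The ACL text and packet addresses are constructed, and 10.65.215.0/24 is assumed to be the VPN client pool.

```python
import ipaddress

# Constructed split-tunnel ACL in Cisco IOS syntax, following the reply above
# (the address ranges are assumptions, not copied from the attached config).
ACL_TEXT = """
ip access-list extended FEHD_VPN
 remark *** Outbound VPN client traffic ***
 permit ip 10.0.0.0 0.255.255.255 10.65.215.0 0.0.0.255
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _parse_addr(tokens):
    """Consume one address spec ('any', 'host A', or 'A WILDCARD')."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _ip(tokens[1]), 0, tokens[2:]
    return _ip(tokens[0]), _ip(tokens[1]), tokens[2:]

def parse_acl(text):
    """Return a list of (action, src, src_wc, dst, dst_wc) entries."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] in ("ip", "remark"):
            continue  # list header and remarks carry no match logic
        action, proto = tokens[0], tokens[1]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACE: {line}")
        src, src_wc, rest = _parse_addr(tokens[2:])
        dst, dst_wc, _ = _parse_addr(rest)
        entries.append((action, src, src_wc, dst, dst_wc))
    return entries

def _match(value, base, wildcard):
    # Cisco wildcard: a 1 bit means "don't care", a 0 bit must match exactly.
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (base & care)

def acl_action(entries, src, dst):
    """First-match evaluation with the implicit deny at the end of the list.
    For a split-tunnel ACL, 'permit' means the traffic is sent via the tunnel."""
    s, d = _ip(src), _ip(dst)
    for action, sb, sw, db, dw in entries:
        if _match(s, sb, sw) and _match(d, db, dw):
            return action
    return "deny"
```

Evaluating 'permit ip host 0.0.0.0 host 0.0.0.0' with this matcher shows it only matches packets from 0.0.0.0 to 0.0.0.0, so it contributes nothing to the client's tunnelled routes.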