Loopback Interface for Client to Site VPN termination

leon.mflai

My project involves a SOHO 871 router connecting to a headend 3845 router over an unencrypted MPLS network for data communication. Client PCs behind the 871 router at the remote site need to enable the Cisco VPN client and connect to the headend 3845 so that they can access information behind the core 6506 switch.

To minimize the setup, I would like to prepare a single VPN profile for all remotes. Therefore, I plan to use the lo0 interface for VPN termination. However, I found that when the VPN connection is up over the lo0 interface, the remote client PC can "ping" lo0 only and cannot "ping" any other IP address. However, when I establish the connection to an interface IP address on the 3845 router, the connection is all OK.

I attached my config for VPN and the diagram. Can anyone help?

Accepted Solutions

yongl

Hi there,

You need to change your split-tunnel ACL to:

ip access-list extended FEHD_VPN
 remark *** Outbound VPN client traffic ***
 permit ip 10.0.0.0 0.255.255.255 10.65.215.0 0.0.0.255

Note: Not sure what is the purpose of 'permit ip host 0.0.0.0 host 0.0.0.0'

3 Replies

Hi,

I tried your advice but it still does not work. Actually, "permit ip host 0.0.0.0 host 0.0.0.0 ...." is for tunnel-all but even if I removed the "ACL...." in the crypto setup. I inspected the VPN client stats in the Cisco VPN client.

Hi,

Your reply stimulated my memory in split tunnel setup.

tks

Leon
