VPN between Cisco 837 and VPN 3030 issue

Unanswered Question
Sep 12th, 2007

Hi

I have a VPN tunnel setup across the internet using a Cisco 837 and VPN3030. No users at the remote site are allowed access to the internet, just the VPN.

I have DHCP set up on the 837 for the remote users which gives a DNS server address of a central DNS server, but the PCs dont register themselves with the DNS server.

On further investigation, the PCs are sending their DNS request to the 837 as this is their DHCP server and the router doesnt forward the DNS request down the tunnel. A ping from the router also fails to destinations down the tunnel.

I think that the packets source is originated from the ADSL interface and not the ethernet interface (which is allowed by access list down the tunnel).

Is there a way round this?

Thanks

Richard

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lapascua06 Mon, 09/17/2007 - 00:27

Hi,

If you do a ping from the router, the traffic would be source on the ADSL interface. Make sure to do an extended ping sourcing on the ethernet interface of the router. The ip address of the DNS server given to your Users must be its private address and must included on the interesting traffic definded on your crypto ACL.

To test if the VPN tunnel is working fine, do an extended ping from the router to the VPN concentrator's private interface first.

Hope this helps....

Cheers,

lapascua

Actions

This Discussion