Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
286
Views
0
Helpful
2
Replies

Cant access after VPN

wasiimcisco
Level 1
Level 1

‎05-09-2008 12:03 PM - edited ‎03-11-2019 05:42 AM

My remote access client are not able to ping inside network.

my concentrator is connected with core switch.

My 172.28.31.171 is also connected in core switch. InterVLN routing is working fine. server and conncentrator is

able to reach other via core switch.

concentrator private Ip address 172.28.31.92/248

Public IP address: 208.74.112.157

VPN POOL: 172.28.31.128/248

Split tunnel is enable for 172.28.0.0/16, 172.29.0.0/16.

Routing on concentrator is

172.28.0.0/16 is connected via 172.28.31.91

172.29.0.0/16 is connected via 172.28.31.91

Core switch Ip address is 172.28.31.91

Core switch also has the route

ip route 0.0.0.0 0.0.0.0 172.28.31.85

ip route 10.0.0.0 255.255.224.0 172.28.31.68

ip route 10.11.0.32 255.255.255.224 172.28.31.68

ip route 172.28.0.0 255.255.0.0 172.28.31.68

ip route 172.28.0.0 255.255.224.0 172.28.31.77

ip route 172.28.31.128 255.255.255.248 172.28.31.92

ip route 172.29.0.0 255.255.0.0 172.28.31.68

ip route 172.31.205.224 255.255.255.224 172.28.31.68

ip route 192.168.249.0 255.255.255.0 172.28.31.68

ip route 192.168.250.0 255.255.255.0 172.28.31.68,

As u have tested you are able to connect but not able to reach anywhere, though from internal network I can ping your vpn IP 172.28.31.129.

In VPN session i can see sometimes bytes send and receive, and sometime only sending no recving.

No firewall involoved in the path between the concentrator and desired server 172.28.31.171.

Both connected on same switch but different VLAN. but Inter VLAN routing is working and both are able to ping.

ONly remote access client 172.28.31.128/248 is not able to reach anywhere.

VPN concentrator has public default filter on public interface and private filter on local interface.

Concentrator version is 4.7

Labels:
0 Helpful
2 Replies 2

rkalia1
Level 1
Level 1

‎05-09-2008 05:17 PM

What is your split tunnel policy on Concentrator? Pls let know which options are selected.

0 Helpful

wasiimcisco
Level 1
Level 1
In response to rkalia1

‎05-09-2008 05:21 PM

only tunnel specified network in the list.

which are already mentioned in the post.

My lan to lan tunnel is working fine, only problem with remote access vpn tunnel. same configuration, is working fine in another office without any problem, only problem here, i have checked the configuration so many times, but everytime i found it same. dont know which thing is missing

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card