05-10-2008 02:56 PM - edited 02-21-2020 03:43 PM
Concentrator is connected with core switch, and server 172.28.31.171 (server) is also connected to the core switch.
InterVLAN routing is working fine. Server and concentrator are able to reach each other via core switch.
Concentrator private IP address 172.28.31.92/248
VPN POOL: 172.28.31.128/248
Core switch IP address is 172.28.31.91
Client is able to connect without any problem, but client is not able to ping or connect with any network device.
In the VPN session I can see bytes sent and received. My LAN-2-LAN tunnels are working fine without any problem.
No firewall involved in the path between the concentrator and desired server 172.28.31.171.
Both connected on same switch but different VLAN. Inter VLAN routing is working and both are able to ping.
Only remote access client 172.28.31.128/248 is not able to reach anywhere.
Core switch routing table
ip route 172.28.0.0 255.255.0.0 172.28.31.68
ip route 172.28.0.0 255.255.224.0 172.28.31.77
ip route 172.28.31.128 255.255.255.248 172.28.31.92
ip route 172.28.32.50 255.255.255.255 172.28.31.92
ip route 172.29.0.0 255.255.0.0 172.28.31.68
Concentrator routing table
172.28.31.160 255.255.255.224 via 172.28.31.91
172.28.92.0 255.255.255.0 via 172.28.31.91
172.29.0.0 255.255.0.0 via 172.28.31.91
192.168.0.0 255.255.0.0 via 172.28.31.91
172.28.31.170 255.255.255.255 via 172.28.31.91
Split tunnel is enabled for
172.28.31.88/0.0.0.7
192.168.0.0/0.0.255.255
172.29.0.0/0.0.255.255
172.28.92.0/0.0.0.255
172.28.31.170/0.0.0.0
172.28.31.171/0.0.0.0
05-10-2008 07:24 PM
Hi, I'm trying to decipher your IP scheme and I'm seeing something odd,
"Only remote access client 172.28.31.128/248 is not able to reach anywhere."
You are using 172.28.31.128 for your VPN pool network with a 29-bit mask, at least this is what your description entails. This network allows for a range of 8 addresses from 128 to 135; 172.28.31.128 is the network address, therefore it cannot be assigned to any host, and 135 is the broadcast address.
Jorge
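An added example, not part of any post in this thread: it runs longest-prefix matching over the static routes and split-tunnel entries exactly as posted, and lists the /29 pool's network, host and broadcast addresses. The function names and table layout are assumptions of the example; connected interfaces, which the posted tables do not show, are not modelled.

```python
import ipaddress

# Static entries copied from the thread (connected routes are not shown there).
CORE = [("172.28.0.0", "255.255.0.0", "172.28.31.68"),
        ("172.28.0.0", "255.255.224.0", "172.28.31.77"),
        ("172.28.31.128", "255.255.255.248", "172.28.31.92"),
        ("172.28.32.50", "255.255.255.255", "172.28.31.92"),
        ("172.29.0.0", "255.255.0.0", "172.28.31.68")]
CONCENTRATOR = [("172.28.31.160", "255.255.255.224", "172.28.31.91"),
                ("172.28.92.0", "255.255.255.0", "172.28.31.91"),
                ("172.29.0.0", "255.255.0.0", "172.28.31.91"),
                ("192.168.0.0", "255.255.0.0", "172.28.31.91"),
                ("172.28.31.170", "255.255.255.255", "172.28.31.91")]
# Split-tunnel list as posted: (address, wildcard mask).
SPLIT_TUNNEL = [("172.28.31.88", "0.0.0.7"), ("192.168.0.0", "0.0.255.255"),
                ("172.29.0.0", "0.0.255.255"), ("172.28.92.0", "0.0.0.255"),
                ("172.28.31.170", "0.0.0.0"), ("172.28.31.171", "0.0.0.0")]
POOL = ipaddress.ip_network("172.28.31.128/255.255.255.248")


def wildcard_to_network(addr, wildcard):
    """Convert an address/wildcard pair to a network by inverting the wildcard.
    Done by hand because ipaddress reads a bare 0.0.0.0 mask as /0, not /32."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}")


def lookup(table, dst):
    """Longest-prefix match over static routes; returns (network, next_hop) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(f"{n}/{m}"), hop) for n, m, hop in table
            if dst in ipaddress.ip_network(f"{n}/{m}")]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)


def in_split_tunnel(dst):
    """True if the client would send traffic for dst into the tunnel."""
    dst = ipaddress.ip_address(dst)
    return any(dst in wildcard_to_network(a, w) for a, w in SPLIT_TUNNEL)


if __name__ == "__main__":
    hosts = list(POOL.hosts())
    print("pool:", POOL.network_address, hosts[0], "-", hosts[-1], POOL.broadcast_address)
    for dst in ("172.28.31.171", "172.28.31.91"):
        print(dst, "split-tunnel:", in_split_tunnel(dst),
              "concentrator route:", lookup(CONCENTRATOR, dst))
    print("return path to 172.28.31.129:", lookup(CORE, "172.28.31.129"))
```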
05-11-2008 08:30 AM
172.28.31.128/248 is the pool that is defined on the VPN concentrator; client IPs start from 172.28.31.129-172.28.31.133.
Client gets the IP 172.28.31.129 and is still not able to reach the internal network. My site-to-site VPNs are working fine; the only problem is with remote access VPN.
05-11-2008 09:37 AM
On the concentrator, in your VPN tunnel group for RA clients, under the Client config tab, do you have IPsec over UDP checked on, as well as IPsec over UDP port 1000? This is assuming clients are using the default IPsec over UDP port 1000 in their client settings.
You may also need to enable NAT-transparency under Tunneling Protocol\IPsec\NAT Transparency (Ipsec over NAT-T).
05-12-2008 04:28 AM
My dear, there is no firewall or NAT device between the client and server; it is simply the concentrator that is connected with the switch, and the server is also connected with that switch.