Answered Question
May 26th, 2008

My remote access VPN client is not able to connect with the internal network.

The concentrator is connected to the core switch, and the server is also connected to the core switch.

Inter-VLAN routing is working fine. The server and the concentrator are able to reach each other via the core switch.

Concentrator private IP address

Core switch IP address is

The client is able to connect without any problem, but the client is not able to ping or connect to any network device.

In the VPN session I can see bytes sent and received. My LAN-2-LAN tunnels are working fine without any problem.

No firewall is involved in the path between the concentrator and the desired server.

Both are connected on the same switch but in different VLANs. Inter-VLAN routing is working and both are able to ping.

Only the remote access client is not able to reach anywhere.

Core switch routing table

ip route

ip route

ip route

ip route

ip route

Concentrator routing table via via via

Split tunnel is enabled for

See the attachment, which shows the client connects successfully but is only sending, not receiving anything. I have checked by changing the MTU size and by enabling and disabling NAT-T, but with no success.

wasiimcisco Mon, 05/26/2008 - 10:13

Kindly see the attachment for the routing table of the concentrator. I don't think there is a routing issue, because all network devices are able to reach the concentrator, and the concentrator is able to reach all the networks. is the switch to which the concentrator private interface is connected. Both are able to reach each other. I have so many site-to-site VPN tunnels and they are working fine; the only problem is with remote access VPN.

wasiimcisco Mon, 05/26/2008 - 12:31

See the attachment for the address pool, and see the core switch routing table, in which all networks are connected.

ip route

It is sending all traffic for destination of towards the concentrator private interface.

OK - all that looks, you still could have an issue, you have a route in the core for:-

ip route - which covers the subnets you are using. I know you have a more specific route to point to the concentrator, rather than the device

I would try testing with another un-used IP subnet...say in the concentrator with a route in the core for:-

ip route

And see if that works?

wasiimcisco Mon, 05/26/2008 - 14:06

Core switch routing

ip route

See the attachment for the concentrator configuration for the VPN pool. The client connects and gets the IP but is still not able to reach anywhere.

wasiimcisco Tue, 05/27/2008 - 02:34

Problem solved. I changed the VPN pool and enabled NAT-T and it is working fine. Thanks for your continuous support and help and for being with me during this troubleshooting.

But I am still thinking about why it works after enabling NAT-T, though there is no firewall involved and no NAT device in the way of the concentrator and client.

Please explain, if you know. Anyway, once again, thanks for your help.

