Easy VPN server and router with multiple ADSLs

Unanswered Question
Jul 31st, 2008

Hi, I have set up an Easy VPN server on a Cisco 1841 running Adv. IP Services 12.4.20.T

The router has 2 ADSLs and they are configured for load balancing. There is no default gateway configured. Instead, the ppp ipcp route default command exists in both dialer interfaces. Using CEF, I have load balancing working fine.

The Dialer 1 interface has a static IP, hence we want this to accept the VPN connections.

I have also set a local policy route-map saying that each packet with source IP that of the dialer interface should leave via dialer 1.

But when a VPN client tries to connect to the router, it gets associated, but all the encrypted replies from the router are exiting the dialer 2 interface. This is a different ISP and so it blocks these packets.

Whatever destination inside the local LAN the VPN client tries to reach, here is what happens (I have debugged and seen the packets):

Packets from the VPN client arrive at the router, get decrypted and are then forwarded to the LAN.

The local host replies, packets arrive at the router, get encrypted and... exit the wrong interface!!

When I insert in the routing table of the 1841 a static entry for the remote host via dialer 1, everything works fine!

Is there a way to overcome this?

Marwan ALshawi Sat, 08/02/2008 - 18:25

Not sure, but try the following idea:

Make a static route on the router so that any packet going to the VPN client network address should go through dialer 1.

For example, if the VPN users are using a pool like

ip route 192.168.1.0 255.255.255.0 Dialer1

And good luck.

If helpful, rate.

dwtcp Sun, 08/03/2008 - 22:05

Hi, I have already tried that but it didn't work!

The reason, I guess, is that those client networks should be routed via a random virtual access interface that is created as soon as a VPN client is associated.

Something must be done with this virtual access interface.

Thanks a lot for the post.