2821 VPN Client ACL and NAT woes - can't access internal LAN

Unanswered Question
Aug 6th, 2008
User Badges:

I'm having trouble getting my configuration to work properly and I've spent countless hours researching with no luck.

This is a simple problem I hope. Once connected to the 2821 via the Cisco VPN Client (V5), I can access the router's LAN IP and even telnet into it without any problems but I cannot access any other IP's on the network.

I started using Virtual-Templates and I couldn't get it to work so I changed the config per articles and posts that I had been reading.

How can I make this configuration work? Do I have to use virtual-templates (or should I)?

Any help would be greatly appreciated!!!!

Thanks in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)


The config supplied looks OK - have you compared it against the various types in in the below link??


also I did notice you are using a VPN pool ip subent that is different from the LAN subnet?

Do all other devices on the LAN have the routers ip address as a default gateway?? You might want to change the VPN ip pool to a subnet of the LAN ip range for testing to see if it is a simple routing issue?


rbdrake22 Wed, 08/06/2008 - 15:49
User Badges:

I tested and it does work if I specify an IP pool on the LAN subnet, I'd like to keep the users on a different subnet though. Any Idea how I can make that work?

Thanks for your help!


This is not the solution you are looking for - if you have tested assinging the VPN users IP address in the same range as the LAN subnet - and this works? When you change the IP subnet to something differenet - and remote users can only access the router - the issue is not the VPN or router, the issue is your routing on the LAN.

Do you have another layer 3 routing device on your LAN? IS the default gateway on the servers & workstations point to the 2821 router?



This Discussion