VPN Connection up, but Internet traffic does not route.

Unanswered Question
Aug 7th, 2008

OK, we recently had to change out our router (non-Cisco) and set up a new one (2811) with VPN and PPPoE. We have several 2811s set up in our network now, and we are struggling with why this one is not working correctly.

Usually we start with getting Internet, then fight to get the VPN up and going. Well, this time we are backwards to that. All traffic through the VPN is working fine, but we cannot access the Internet.

We use 10.xxx.xxx.xxx numbers for our different sites, and this particular ISP uses 10.xxx.xxx.xxx for their routes. We thought this would cause us some issues with the VPN, but the VPN works fine. But how can we route the Internet traffic out through the ISP correctly?

Does this make sense? Would seeing some config be useful? Am I just lost?



Marwan ALshawi Thu, 08/07/2008 - 18:37
Of course, the overlapped IP addressing is causing the problem.


When you define your interesting traffic and assign it to the VPN crypto map with the command match ip address,

the VPN will consider the traffic matched by that ACL as interesting traffic to be tunneled by the VPN,

and at the same time you have the same addressing numbers for your ISP,

so the traffic will be encrypted and tunneled before being routed to your ISP.

I suggest you use different IP addressing for your sites.

You can play around it with NATing at the remote sites, but it will make things complicated and hard to troubleshoot when you get any problem in the future.

If you need any more details, just post it here.

Good luck.

Please rate if helpful.
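
The ACL matching described in the reply above, as an added example that is not part of the original thread: it evaluates flows against a crypto ACL using IOS wildcard-mask, first-match semantics. The thread shows no configuration, so the ACL line and every address below are constructed assumptions.

```python
import ipaddress

# Constructed sample: a crypto ACL written broadly enough to cover every
# 10.x site. The thread posts no config; all addresses are illustrative.
CRYPTO_ACL = """
permit ip 10.20.0.0 0.0.255.255 10.0.0.0 0.255.255.255
"""

def _match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def parse_acl(text):
    """Parse 'permit|deny ip <src> <wild> <dst> <wild>' lines (this form only)."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] not in ("permit", "deny") or parts[1] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((parts[0], parts[2], parts[3], parts[4], parts[5]))
    return entries

def is_tunneled(entries, src, dst):
    """First matching entry wins; no match is an implicit deny (sent unencrypted)."""
    for action, s, sw, d, dw in entries:
        if _match(src, s, sw) and _match(dst, d, dw):
            return action == "permit"
    return False

def classify(entries, flows):
    """Map each (src, dst) flow to 'tunnel' or 'clear'."""
    return {(src, dst): ("tunnel" if is_tunneled(entries, src, dst) else "clear")
            for src, dst in flows}

if __name__ == "__main__":
    acl = parse_acl(CRYPTO_ACL)
    flows = [
        ("10.20.1.50", "10.30.1.10"),    # site LAN -> another site (intended VPN traffic)
        ("10.20.1.50", "10.99.0.1"),     # site LAN -> address inside the ISP's 10.x space
        ("10.20.1.50", "198.51.100.7"),  # site LAN -> public address (documentation range)
    ]
    for flow, verdict in classify(acl, flows).items():
        print(flow, verdict)
```

With this constructed ACL, the flow to the ISP-side 10.x address is classified for the tunnel along with the site-to-site flow, while the flow to the public address is left in the clear.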

jonno634_ Fri, 08/08/2008 - 06:55

I am not a router person... but they use the 10.xxx range on their gear that routes me to their server, then out on the Internet. If I do a traceroute on the router, they do not return as hosts (they return * * * *). I do not know if that makes a difference. From the router, I can ping google.com (via IP address) and the traceroute makes it all the way also. But the client computers connected to that router cannot ping, browse, etc. to that host. The router says unknown host or something like that. However, they can use the VPN.

