IOS VPN Remote Access problems

Unanswered Question
Aug 20th, 2008
User Badges:

Hi guy,


I am new to Cisco discussions so welcome everyone. Can anyone help me please? I am having the following problems after establishing an IPSec VPN connection between a Cisco 877 router and Cisco VPN client:


1. I can't ping outside global IP addresses through the router,


2. I can't ping outside global IP addresses through local gateway after enabling split-tunneling on the router,


3. The IP address on the vpn client does not equal to the default gateway IP address being assigned from the local pool on the router. Should they not be the same?


I am posting relevant parts of the router config. Please ask me for more details and suggest some solution to my problem.


Thanks and best regards,

Remy



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marwan ALshawi Wed, 08/20/2008 - 22:28
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

try to remove the following line


do:


no crypto isakmp client configuration address-pool local ipPool



remi-reszka Thu, 08/21/2008 - 05:30
User Badges:

Hi marwanshawi,


Thanks for your reply. I will try it right away but by removing the above line I won't prevent clients from getting their IP addresses from the ipPool?


Thanks

Marwan ALshawi Thu, 08/21/2008 - 06:34
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

they will take through


crypto isakmp client configuration group remote_users

key xxxxxxxxx

dns xxxxxxx

pool ipPool


where pool mean the ip pool address

remi-reszka Thu, 08/21/2008 - 06:52
User Badges:

cool. I'll let you know the results as soon as I test it. Thanks very much.

remi-reszka Thu, 08/21/2008 - 08:38
User Badges:

Hi marwanshawi,


I tried your suggestions and it did not helped. I can still ping private addresses behind the router (VPN server) however unable to ping global outside IP addresses. When I try to ping FQDN it seems like it's being resolved but no responses from destinations. Do I need to modify ACL on the outside interface for the ipPool (I did however but no help).


Thanks in advance for all suggestions.


Remi

Actions

This Discussion