08-20-2008 09:05 PM - edited 02-21-2020 03:54 PM
Hi guy,
I am new to Cisco discussions so welcome everyone. Can anyone help me please? I am having the following problems after establishing an IPSec VPN connection between a Cisco 877 router and Cisco VPN client:
1. I can't ping outside global IP addresses through the router,
2. I can't ping outside global IP addresses through local gateway after enabling split-tunneling on the router,
3. The IP address on the vpn client does not equal to the default gateway IP address being assigned from the local pool on the router. Should they not be the same?
I am posting relevant parts of the router config. Please ask me for more details and suggest some solution to my problem.
Thanks and best regards,
Remy
08-20-2008 10:28 PM
try to remove the following line
do:
no crypto isakmp client configuration address-pool local ipPool
08-21-2008 05:30 AM
Hi marwanshawi,
Thanks for your reply. I will try it right away but by removing the above line I won't prevent clients from getting their IP addresses from the ipPool?
Thanks
08-21-2008 06:34 AM
they will take through
crypto isakmp client configuration group remote_users
key xxxxxxxxx
dns xxxxxxx
pool ipPool
where pool mean the ip pool address
08-21-2008 06:52 AM
cool. I'll let you know the results as soon as I test it. Thanks very much.
08-21-2008 08:38 AM
Hi marwanshawi,
I tried your suggestions and it did not helped. I can still ping private addresses behind the router (VPN server) however unable to ping global outside IP addresses. When I try to ping FQDN it seems like it's being resolved but no responses from destinations. Do I need to modify ACL on the outside interface for the ipPool (I did however but no help).
Thanks in advance for all suggestions.
Remi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide