Cisco 3020 - same interface

Unanswered Question
Jul 27th, 2009

I have 2 interfaces active - public and private IPs. Clients connect to the public IP address.

Does anyone know, when you're connected using the VPN client, if you can send traffic immediately back out the public interface to a server on the same subnet as the 3020? I am using an IP pool that gets assigned to the clients on the private interface side as they pass through.

Thank you,

Ivan Martinon Tue, 07/28/2009 - 13:09

As long as traffic routing and filtering are OK, you should find no problems.

Ivan Martinon Wed, 07/29/2009 - 06:20

You are not using WebVPN, are you? Since you wrote VPN client, I gather it is the Cisco VPN client, correct? What I mean is that the concentrator has filters bound to the interfaces (private, public and external). Check those filters and what rules they have to find out whether the traffic from those clients is allowed.

myounger Wed, 07/29/2009 - 06:27

No filters are defined or applied. The VPN client traffic seems to be getting lost in the 3020. Can the 3020 decrypt a packet and then send it back out the same interface on which the encrypted packet arrived?

Ivan Martinon Wed, 07/29/2009 - 06:39

I have to say yes, it can, since the concentrator can be defined as a hub for VPN traffic. Here I will ask you a question: do the devices on the "outside", meaning on the public side of the concentrator, know how to reach the VPN client? In other words, do these devices have a route back to the concentrator to reach the VPN client's pool?

myounger Wed, 07/29/2009 - 06:57

Yes...the server has a route back to the VPN client pool, with the next hop for that network pool being the 3020 public IP.

Ivan Martinon Wed, 07/29/2009 - 07:07

You can go ahead and create a filter with IP traffic and debug over that filter to check if packets are sent out and received back. You might also want to check if there is any chance that a VPN tunnel might be catching this traffic instead.

