Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3600
Views
0
Helpful
7
Replies

VPN Access on the UC520 - No Local lan access

Go to solution
brian.russell31
Level 3
Level 3

‎08-13-2009 04:26 AM - last edited on ‎03-25-2019 10:40 PM by Community Manager

Hi,

I have a small query, something has gone wrong or something has changed that when I VPN into my homenetwork I can not access any of my local devices.

My setup is as follows:

Data 10.54.8.*

reserved 10.54.8.1 - 10

VPN Access 10.54.8.11 - 20

DHCP 10.54.8.21 - ***

Voice 10.54.9.*

When I VPN in I still have access to the internet which i enabled on the VPN screen, but can not access my home server via RDP....

My IP softphone works perfectly and registers against the CCE...

I can not ping my slingbox, IP security camera or even my home server or access the SkyStone config web page which is on 10.54.8.9:7505

Can someone tell me what I have done wrong as I think it used to work...

Many Thanks

Brian

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JOHN NIKOLATOS
Level 3
Level 3
In response to brian.russell31

‎08-14-2009 04:09 AM

Brian,

Did you try my suggestion?  I can not tell you how many times...  (15 years) I have been doing VPN configurations..  and every time I ever tried to have a VPN client get an IP address that is the same as my local LAN subnet, that the VPN will not pass traffic to my local subnet.  As soon as I place a different IP subnet or address range on the VPN clients, the VPN works.  I havent looked at your configurations yet but give that a try.

Usually if you can connect and terminate your VPN and you can not pass traffic there is one of three issues...

An access-list is off... and not properly configured.

Your remote subnet of your PC with the VPN client, is the same as the subnet at the VPN host side.

3 You are using the same access-list in the configuration for NAT settings and VPN tunnel.  Even though it is the same exact syntax you have to give it a new Access-list # and keep them unique.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
JOHN NIKOLATOS
Level 3
Level 3

‎08-13-2009 04:50 AM

Try changing the IP Subnet of your VPN group (to something unique).  I have seen where the device gets very confused over the same subnet and will not pass traffic.

0 Helpful

Go to solution
Steven Smith
Level 7
Level 7

‎08-13-2009 07:28 AM

This should work.  Can you post your config and take out the details you don't want people to see?

If you don't want to do that, I would open a TAC case.  Let me know how it goes.

0 Helpful

Go to solution
brian.russell31
Level 3
Level 3

‎08-14-2009 03:28 AM

Hi,

I have exported my full running config...

I have also deleted and set back up the VPN section only to get the same results no local lan access howver can still access the internet....

I have attached my running config...

Preview file
44 KB
0 Helpful

Go to solution
JOHN NIKOLATOS
Level 3
Level 3
In response to brian.russell31

‎08-14-2009 04:09 AM

Brian,

Did you try my suggestion?  I can not tell you how many times...  (15 years) I have been doing VPN configurations..  and every time I ever tried to have a VPN client get an IP address that is the same as my local LAN subnet, that the VPN will not pass traffic to my local subnet.  As soon as I place a different IP subnet or address range on the VPN clients, the VPN works.  I havent looked at your configurations yet but give that a try.

Usually if you can connect and terminate your VPN and you can not pass traffic there is one of three issues...

An access-list is off... and not properly configured.

Your remote subnet of your PC with the VPN client, is the same as the subnet at the VPN host side.

3 You are using the same access-list in the configuration for NAT settings and VPN tunnel.  Even though it is the same exact syntax you have to give it a new Access-list # and keep them unique.

0 Helpful

Go to solution
brian.russell31
Level 3
Level 3

‎08-14-2009 05:27 AM

Hi John,

Thanks, that did the trick, I changed the vpn subnet to 10.54.11.* and now I can access all my local network devices....

Do you know anything about my other posting the SkyStone \ Skype \ Voicemail issue that I am having?

Thanks

Again

0 Helpful

Go to solution
JOHN NIKOLATOS
Level 3
Level 3
In response to brian.russell31

‎08-14-2009 06:48 AM

See - I Told you... man I should get paid for this stuff....  just kidding...

I forgot to tell you, I am only correct 66.6% of the time.  Since I answered your other 2 questions... I doubt I am going to get the 3rd one right.  I will look at it... but I did read it a little last night.  It seems like some kind of port setting mismatch..  sometimes these things are so hard to troubleshoot but expecially for us on the community that are trying to figure out other peoples problems without being there and trying to just read an email to figure it out.  Since I don't use that service or have physical access... I seriously think someone else is going to have to answer it.

0 Helpful

Go to solution
brian.russell31
Level 3
Level 3
In response to JOHN NIKOLATOS

‎08-14-2009 06:59 AM

Hi John,

True, I really appreciate your help there and 66.6% is better than 0%.... I will see what else I can break for you to help me fix it....

Have a nice weekend...

Thanks

Brian

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents