08-13-2009 04:26 AM - last edited on 03-25-2019 10:40 PM by ciscomoderator
Hi,
I have a small query, something has gone wrong or something has changed that when I VPN into my homenetwork I can not access any of my local devices.
My setup is as follows:
Data 10.54.8.*
reserved 10.54.8.1 - 10
VPN Access 10.54.8.11 - 20
DHCP 10.54.8.21 - ***
Voice 10.54.9.*
When I VPN in I still have access to the internet which i enabled on the VPN screen, but can not access my home server via RDP....
My IP softphone works perfectly and registers against the CCE...
I can not ping my slingbox, IP security camera or even my home server or access the SkyStone config web page which is on 10.54.8.9:7505
Can someone tell me what I have done wrong as I think it used to work...
Many Thanks
Brian
Solved! Go to Solution.
08-14-2009 04:09 AM
Brian,
Did you try my suggestion? I can not tell you how many times... (15 years) I have been doing VPN configurations.. and every time I ever tried to have a VPN client get an IP address that is the same as my local LAN subnet, that the VPN will not pass traffic to my local subnet. As soon as I place a different IP subnet or address range on the VPN clients, the VPN works. I havent looked at your configurations yet but give that a try.
Usually if you can connect and terminate your VPN and you can not pass traffic there is one of three issues...
An access-list is off... and not properly configured.
Your remote subnet of your PC with the VPN client, is the same as the subnet at the VPN host side.
3 You are using the same access-list in the configuration for NAT settings and VPN tunnel. Even though it is the same exact syntax you have to give it a new Access-list # and keep them unique.
08-13-2009 04:50 AM
Try changing the IP Subnet of your VPN group (to something unique). I have seen where the device gets very confused over the same subnet and will not pass traffic.
08-13-2009 07:28 AM
This should work. Can you post your config and take out the details you don't want people to see?
If you don't want to do that, I would open a TAC case. Let me know how it goes.
08-14-2009 03:28 AM
08-14-2009 04:09 AM
Brian,
Did you try my suggestion? I can not tell you how many times... (15 years) I have been doing VPN configurations.. and every time I ever tried to have a VPN client get an IP address that is the same as my local LAN subnet, that the VPN will not pass traffic to my local subnet. As soon as I place a different IP subnet or address range on the VPN clients, the VPN works. I havent looked at your configurations yet but give that a try.
Usually if you can connect and terminate your VPN and you can not pass traffic there is one of three issues...
An access-list is off... and not properly configured.
Your remote subnet of your PC with the VPN client, is the same as the subnet at the VPN host side.
3 You are using the same access-list in the configuration for NAT settings and VPN tunnel. Even though it is the same exact syntax you have to give it a new Access-list # and keep them unique.
08-14-2009 05:27 AM
Hi John,
Thanks, that did the trick, I changed the vpn subnet to 10.54.11.* and now I can access all my local network devices....
Do you know anything about my other posting the SkyStone \ Skype \ Voicemail issue that I am having?
Thanks
Again
08-14-2009 06:48 AM
See - I Told you... man I should get paid for this stuff.... just kidding...
I forgot to tell you, I am only correct 66.6% of the time. Since I answered your other 2 questions... I doubt I am going to get the 3rd one right. I will look at it... but I did read it a little last night. It seems like some kind of port setting mismatch.. sometimes these things are so hard to troubleshoot but expecially for us on the community that are trying to figure out other peoples problems without being there and trying to just read an email to figure it out. Since I don't use that service or have physical access... I seriously think someone else is going to have to answer it.
08-14-2009 06:59 AM
Hi John,
True, I really appreciate your help there and 66.6% is better than 0%.... I will see what else I can break for you to help me fix it....
Have a nice weekend...
Thanks
Brian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide