Hi, I need help with the IPsec VPN configuration on a 2811 router. I want to allow communication between VPN clients; is this possible? I know that on the ASA you can do this by using the command "same-security-traffic permit intra-interface".
The fact is that each client has IP Communicator installed, but when they tried to make a call between each other it failed. I assume this is because the connectivity between them is not OK because of the VPN connection.
Thanks in advance...
Try this:
ip local pool ippool 192.168.1.1 192.168.1.5
!--- VPN IP address of client 1
access-list 1 permit host 192.168.1.2
!--- VPN IP address of client 2
access-list 1 permit host 192.168.1.3
!--- LAN behind the router
access-list 1 permit 10.10.10.0 0.0.0.255
crypto isakmp client configuration group vpnclient
!--- Binding ACL 1 to the group
 acl 1
If you are doing NAT on the router, then you might want to exempt your VPN traffic from being NAT'd.
Assuming the NAT statement on your router is:
ip nat inside source list 111 interface FastEthernet1/0 overload
!--- The access list is used to specify which traffic
!--- is to be translated for the outside Internet.
access-list 111 deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
The above two statements exempt the traffic from NAT.
!--- Permits NAT.
access-list 111 permit ip 10.10.10.0 0.0.0.255 any
I would like to know if this worked for you.
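The following is an added example, not part of the original thread: a small first-match evaluator for ACL 111 as posted above, showing which flows the NAT rule would translate and which it leaves alone. The function names and the sample flows are constructed for illustration, and 203.0.113.10 stands in for an arbitrary Internet host.

```python
import ipaddress

# ACL 111 exactly as posted in the answer (referenced by "ip nat inside source list 111").
ACL_111 = """
access-list 111 deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip 10.10.10.0 0.0.0.255 any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(first), _to_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered entries."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, rest = tokens[2], tokens[4:]  # skip 'access-list', number, 'ip'
        entries.append((action, _take_spec(rest), _take_spec(rest)))
    return entries

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (_to_int(addr) & care) == (base & care)

def nat_decision(entries, src, dst):
    """First match wins; falling off the end is the implicit deny (no NAT)."""
    for action, src_spec, dst_spec in entries:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return "translate" if action == "permit" else "exempt"
    return "exempt"

if __name__ == "__main__":
    acl = parse_acl(ACL_111)
    # Constructed sample flows: client-to-client, LAN-to-client, LAN-to-Internet, client-to-Internet.
    for src, dst in [("192.168.1.2", "192.168.1.3"), ("10.10.10.20", "192.168.1.2"),
                     ("10.10.10.20", "203.0.113.10"), ("192.168.1.2", "203.0.113.10")]:
        print(f"{src} -> {dst}: {nat_decision(acl, src, dst)}")
```

Only LAN-sourced traffic to non-VPN destinations reaches the permit line; a VPN-pool source going anywhere else falls through to the implicit deny, so list 111 never selects it for translation.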