Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Problems with VPN Remote Access Clients to 3000 Concentrator.

Unanswered Question
May 29th, 2003
User Badges:

Hi, I installed a 3000 Concentrator for remote access clients for a customer. When I initiate a VPN session to the 3000 over dial-up, all is well. I can access all internal LAN resources.

Now, when I initiate a session from home (behind a firewall) over a DSL connection, I can establish a session to the 3000, I receive an IP address from the pool, but not able to ping anything on the internal LAN. I know that it is not a config issue on my firewall because am able to initiate VPN sessions to other customer's 3000 Concentrators and access all internal LAN resources.

I'm stumped! Any ideas?

Thanks in Advance!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rbostwick Thu, 05/29/2003 - 11:17
User Badges:

Do you have a Switch on the internal network or an RSM. If so you need to set a route from your network out the VPN's internal address.

tvorhauer Thu, 05/29/2003 - 13:05
User Badges:

Yes, the customer has a 6509 w/ MSFC set as the tunnel default gateway. We added a static route to the VPN Client pool/subnet w/ next hop of the 3000's private interface.

Everythig works great when the VPN client connects to the internet via dial-up. I just can't figure out why things do not work from a home DSL connection behind a firewall.

HEATH FREEL Thu, 05/29/2003 - 11:58
User Badges:

Do you have UDP 10000 enabled on the Client and the Concentrator for the non working scenerio?

tvorhauer Thu, 05/29/2003 - 13:49
User Badges:

I enabled the "Use IPSec over TCP (NAT/PAT/Firewall) TCP port 1000 and that solved my problem. This is the first time I have ran into this problem after doing a number of VPN Concentrator installs. I wonder if it is related to the software rev on the concentrator? This particular concentrator is the only one that I have configured using 4.0.1. The others were older (3.5.2 rev).

Nevertheless, thank you very much for providing me with the fix!



This Discussion