×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Problems with VPN Remote Access Clients to 3000 Concentrator.

Unanswered Question
May 29th, 2003
User Badges:

Hi, I installed a 3000 Concentrator for remote access clients for a customer. When I initiate a VPN session to the 3000 over dial-up, all is well. I can access all internal LAN resources.


Now, when I initiate a session from home (behind a firewall) over a DSL connection, I can establish a session to the 3000, I receive an IP address from the pool, but not able to ping anything on the internal LAN. I know that it is not a config issue on my firewall because am able to initiate VPN sessions to other customer's 3000 Concentrators and access all internal LAN resources.


I'm stumped! Any ideas?


Thanks in Advance!

TV

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rbostwick Thu, 05/29/2003 - 11:17
User Badges:

Do you have a Switch on the internal network or an RSM. If so you need to set a route from your network out the VPN's internal address.

tvorhauer Thu, 05/29/2003 - 13:05
User Badges:

Yes, the customer has a 6509 w/ MSFC set as the tunnel default gateway. We added a static route to the VPN Client pool/subnet w/ next hop of the 3000's private interface.


Everythig works great when the VPN client connects to the internet via dial-up. I just can't figure out why things do not work from a home DSL connection behind a firewall.



HEATH FREEL Thu, 05/29/2003 - 11:58
User Badges:

Do you have UDP 10000 enabled on the Client and the Concentrator for the non working scenerio?

tvorhauer Thu, 05/29/2003 - 13:49
User Badges:

I enabled the "Use IPSec over TCP (NAT/PAT/Firewall) TCP port 1000 and that solved my problem. This is the first time I have ran into this problem after doing a number of VPN Concentrator installs. I wonder if it is related to the software rev on the concentrator? This particular concentrator is the only one that I have configured using 4.0.1. The others were older (3.5.2 rev).


Nevertheless, thank you very much for providing me with the fix!


TV

Actions

This Discussion