Problems with VPN Remote Access Clients to 3000 Concentrator.

tvorhauer · ‎05-29-2003

Hi, I installed a 3000 Concentrator for remote access clients for a customer. When I initiate a VPN session to the 3000 over dial-up, all is well. I can access all internal LAN resources.

Now, when I initiate a session from home (behind a firewall) over a DSL connection, I can establish a session to the 3000, I receive an IP address from the pool, but not able to ping anything on the internal LAN. I know that it is not a config issue on my firewall because am able to initiate VPN sessions to other customer's 3000 Concentrators and access all internal LAN resources.

I'm stumped! Any ideas?

Thanks in Advance!

TV

rbostwick · ‎05-29-2003

Do you have a Switch on the internal network or an RSM. If so you need to set a route from your network out the VPN's internal address.

tvorhauer · ‎05-29-2003

Yes, the customer has a 6509 w/ MSFC set as the tunnel default gateway. We added a static route to the VPN Client pool/subnet w/ next hop of the 3000's private interface.

Everythig works great when the VPN client connects to the internet via dial-up. I just can't figure out why things do not work from a home DSL connection behind a firewall.

HEATH FREEL · ‎05-29-2003

Do you have UDP 10000 enabled on the Client and the Concentrator for the non working scenerio?

tvorhauer · ‎05-29-2003

I enabled the "Use IPSec over TCP (NAT/PAT/Firewall) TCP port 1000 and that solved my problem. This is the first time I have ran into this problem after doing a number of VPN Concentrator installs. I wonder if it is related to the software rev on the concentrator? This particular concentrator is the only one that I have configured using 4.0.1. The others were older (3.5.2 rev).

Nevertheless, thank you very much for providing me with the fix!

TV