VPN clients not able to communicate to all the internal networks


VPN clients connect to the VPN concentrator. Clients get an IP address from a static pool in the range of 10.1.100.240-10.1.100.254. The internal interface has an IP in the same network. A tunnel default is configured to send packets to 10.1.100.1, which is a router on the internal interface.

The problem is that the tunnel default doesn't seem to work. I am not able to talk to any of the other networks until I create static routes on the concentrator.

Second, we have a firewall in the network. The DMZ has devices in the 172.16.0.0/16 network. VPN clients are not able to connect to devices in the DMZ even though there is a static route configured on the concentrator for this network. I configured a static route on my VPN client but still no luck.

Under VPN client Status -> Statistics -> Route Details, I found some secured route entries. These entries are the static routes configured on the concentrator. But even though 172.16.0.0/24 is configured on the concentrator, it never appears as a secured route in the VPN clients.

Am I missing something? Please suggest.


Thanks

aacole Tue, 01/24/2006 - 10:53

I think the first problem is caused by the choice of address pool; this overlaps the internal address space, as you say that your internal address is on the same subnet.

Try setting your client pool to some other range that doesn't overlap your internal address space. Your internal router will then need a static pointing to that range via the VPN concentrator inside address to route back to the clients. Or you could use RRI and a routing protocol, but why make it so complex?


Andy


Thank you for the response.

The problem was that I did add the static routes but didn't make the entries in the network list. Configuration->Policy Management->Traffic Management->Network Lists

:(

Once I made the entries they show up as secured routes in VPN client under status-->statistics->route details.
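
The two checks discussed above (Andy's pool-overlap point and the missing network-list entry), as an added example that is not part of the original thread or any Cisco tooling. The /24 mask on the inside network, the alternative pool and the 10.2.0.0/16 route are constructed assumptions, and the secured-route model follows only what the posts report.

```python
import ipaddress as ip

# Values from the thread; the /24 mask on the inside network is an assumption.
INSIDE_NET = ip.ip_network("10.1.100.0/24")
POOL = ("10.1.100.240", "10.1.100.254")
# Constructed alternative pool outside the inside subnet.
ALT_POOL = ("10.1.200.1", "10.1.200.254")
# Static routes on the concentrator; 10.2.0.0/16 is a constructed example.
STATIC_ROUTES = [ip.ip_network("172.16.0.0/16"), ip.ip_network("10.2.0.0/16")]
# Network list before the fix: the DMZ entry is missing.
NETWORK_LIST = [ip.ip_network("10.2.0.0/16")]


def pool_blocks(first, last):
    """Summarise a first-last address pool into CIDR blocks."""
    return list(ip.summarize_address_range(ip.ip_address(first),
                                           ip.ip_address(last)))


def pool_overlaps(pool, inside_net):
    """True if any pool address falls inside the concentrator's inside subnet."""
    return any(b.overlaps(inside_net) for b in pool_blocks(*pool))


def routes_missing_from_list(static_routes, network_list):
    """Static routes with no covering network-list entry.

    Per the thread, these never show up as secured routes on the client.
    """
    return [r for r in static_routes
            if not any(r.subnet_of(n) for n in network_list)]


def is_secured(dest, network_list):
    """True if a network-list entry covers dest, so the client tunnels it."""
    return any(ip.ip_address(dest) in n for n in network_list)


if __name__ == "__main__":
    for name, pool in (("current", POOL), ("alternative", ALT_POOL)):
        print(f"{name} pool overlaps inside net:", pool_overlaps(pool, INSIDE_NET))
    missing = routes_missing_from_list(STATIC_ROUTES, NETWORK_LIST)
    print("routes missing from network list:", [str(r) for r in missing])
    fixed = NETWORK_LIST + missing
    print("172.16.5.10 secured before/after:",
          is_secured("172.16.5.10", NETWORK_LIST),
          is_secured("172.16.5.10", fixed))
```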

vramanaiah Thu, 01/26/2006 - 01:46

Guys, I am facing a similar routing issue from the VPN client. In my case, I see the secured routes listed under the route details. What I observe here is that the Sent bytes under Tunnel details keep incrementing but the Received bytes remain at zero, inferring no traffic is being received from the VPN concentrator. Any idea what could be the problem?


FYI, my VPN client is behind a NAT/PAT/Firewall device.

vramanaiah Sun, 01/29/2006 - 21:06

Folks, I figured out the problem and thought I would share it with you.


The issue was due to testing it behind a PAT device. Apparently my VPN Concentrator was not properly configured to work behind a PAT device. When I tested the VPN client with a global IP, it started working.


fyi..
