
VPN clients not able to communicate to all the internal networks

pankajs
Level 1

VPN clients connect to a VPN concentrator. Clients get an IP address from a static pool in the range of 10.1.100.240-10.1.100.254. The internal interface has an IP in the same network. A tunnel default is configured to send packets to 10.1.100.1, which is a router on the internal interface.

The problem is that the tunnel default doesn't seem to work. I am not able to talk to any of the other networks until I create static routes on the concentrator.

Second, we have a firewall in the network. The DMZ has devices in the 172.16.0.0/16 network. VPN clients are not able to connect to devices in the DMZ even though there is a static route configured on the concentrator for this network. I configured a static route on my VPN client but still no luck.

Under VPN client Status---Statistics---route details, I found some secured route entries. These entries are the static routes configured on the concentrator. But even though 172.16.0.0/24 is configured on the concentrator, it never appears as a secured route in the VPN clients.

Am I missing something? Please suggest.

Thanks

4 Replies

aacole
Level 5

I think the first problem is caused by the choice of address pool; this overlaps the internal address space, as you say that your internal address is on the same subnet.

Try setting your client pool to some other range that doesn't overlap your internal address space. Your internal router will then need a static pointing to that range via the VPN concentrator inside address to route back to the clients. Or you could use RRI and a routing protocol, but why make it so complex?

Andy

Thank you for the response.

The problem was that I did add the static routes but didn't make the entries in the network list. Configuration->Policy Management->Traffic Management->Network Lists

:(

Once I made the entries they show up as secured routes in VPN client under status-->statistics->route details.
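An added example, not part of the thread and not Cisco code: an offline check of the two points raised above, whether the client pool overlaps the inside network and whether every static route on the concentrator is fully covered by a network list entry. The function names, the /24 mask on the inside network, and the sample list contents are assumptions; only the pool range and the 172.16.0.0/16 DMZ come from the posts.

```python
import ipaddress

def pool_blocks(first, last):
    """Collapse an inclusive client-pool range into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def audit(pool, inside_net, static_routes, network_list):
    """Return (pool_overlaps_inside, static routes not covered by the network list)."""
    inside = ipaddress.ip_network(inside_net)
    overlaps = any(block.overlaps(inside) for block in pool)
    allowed = [ipaddress.ip_network(n) for n in network_list]
    missing = []
    for route in static_routes:
        net = ipaddress.ip_network(route)
        # Covered only if a single list entry contains the whole route;
        # a narrower entry (e.g. a /24 inside a /16 route) leaves a gap.
        if not any(net.subnet_of(entry) for entry in allowed):
            missing.append(route)
    return overlaps, missing

# Values from the thread; the /24 mask on the inside network is an assumption.
POOL = pool_blocks("10.1.100.240", "10.1.100.254")
INSIDE_NET = "10.1.100.0/24"
# 172.16.0.0/16 is the DMZ from the thread; 10.2.0.0/16 is a constructed sample.
STATIC_ROUTES = ["10.2.0.0/16", "172.16.0.0/16"]
NETWORK_LIST = ["10.1.100.0/24", "10.2.0.0/16"]  # constructed sample

if __name__ == "__main__":
    overlaps, missing = audit(POOL, INSIDE_NET, STATIC_ROUTES, NETWORK_LIST)
    print("pool overlaps inside network:", overlaps)
    for route in missing:
        print("static route not in network list:", route)
```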

Guys, I am facing a similar routing issue from the VPN client. In my case, I see the secured routes listed under the route details. What I observe here is that the Sent bytes under Tunnel details keep incrementing but the Received bytes remain at zero, inferring no traffic is being received from the VPN concentrator. Any idea what could be the problem?

FYI, my VPN client is behind a NAT/PAT/Firewall device.

Folks, I figured out the problem and thought I would share it with you.

The issue was due to testing it behind a PAT device. Apparently my VPN Concentrator was not properly configured to work behind a PAT device. When I tested the VPN client with a global IP, it started working.

fyi..
