Cisco VPN Client Connection ZBFW problem on 2821 Router
In my testing environment, I'm having problems reaching hosts in the LAN when connected through Cisco VPN Client, while at least being able to connect successfully (with RADIUS authentication). Accessing local hosts used to work fine until I added a site-to-site VPN connection (via crypto map) and adjusted class-maps and policy-maps to send any internal traffic freely through the site-to-site tunnel.
Would you mind giving me a hint as to what might help me reach my hosts via Cisco VPN Client again?
Re: Cisco VPN Client Connection ZBFW problem on 2821 Router
Thanks for your support.
I also enabled the log dropped-packets function during my investigations yesterday. The strange thing was that I was able to see all packets, and also that the incoming packets from the connected client (with its assigned IP address) were passed successfully, but the destination of these packets was not the IP of the destination host itself, but the whole network (192.168.1.0 255.255.255.0). Also, there was no response traffic logged from inside to the connected client.
So desperately, I began removing one configuration line after another, resulting in a copy of a configuration I backed up before where I knew everything was working fine. I compared both configurations in WinMerge and they were absolutely equal, but I still wasn't able to ping a host. So I saved the config to startup conf and reloaded the router. DANG. Now it was working.
So I had no clue how this was possible. Maybe something went wrong during the runtime. Since it was working again, I started configuring everything again line by line until the point of activating the firewall. As soon as I assigned the inside and outside zones to the physical interfaces but left out the virtual-template, the connection from the client was lost (of course). But after assigning the inside zone to the virtual-template (as I also did in the configuration above), it was working again.
Finally, I don't know where this came from. If someone is interested in the current running config (which is more or less equal, just some details differ from the config above), let me know.