07-02-2002 10:53 AM - edited 02-21-2020 11:51 AM
We have a Cisco 3005 VPN concentrator and the client is 3.5.2. We are seeing a strange issue where we can get authenticated just fine, but no data flows through the tunnel until we ping the client's assigned IP address from the concentrator. Has anyone seen this before?
07-02-2002 10:08 PM
No.
There must be some sort of routing issue. Can the client at least ping the private interface of the concentrator when connected?
Is it a software or hardware client?
Have a look at the routing information on the concentrator once the client is connected and cannot pass traffic, and compare it with when the client is passing traffic.
Regards,
07-03-2002 01:18 PM
Thanks for the message.
We cannot ping the private interface until we ping out from the 3005 to correct the situation. This is a software client and the routing information remains the same regardless of whether it is working or not. This is looking more like an ARP situation.
Mikee
07-03-2002 04:49 AM
Hi, I have had the same problem. We had a PIX firewall in the network as well. What happened was the PIX kept picking up the packets destined for the concentrator. It all came down to ARP: we added static ARP entries into our router and it worked OK. But I'm still not sure why the PIX was doing this!!
Hope this helps
Regards
07-03-2002 02:05 PM
You hit it right on the head. It is an ARP issue (I checked the router ARP table). Do you know the syntax for adding an ARP entry to the router? I can't seem to find it online.
Thanks!!!
07-03-2002 03:52 PM
Actually, what you have to do is to disable proxy arp on the pix interface where the private of the concentrator is connected.
sysopt noproxyarp 'ifname'.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#xtocid22
That should fix the arp issue.
Regards,
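
An added example, not written by anyone in the thread: a check over a router's `show ip arp` output that flags VPN pool addresses resolving to a MAC other than the concentrator's, which is the symptom the ARP table confirmed above. The sample table, addresses, pool range and function names are constructed, and it assumes the client address pool is carved from the same subnet as the concentrator's private interface.

```python
import ipaddress
import re

# Constructed sample of IOS "show ip arp" output (not taken from the thread).
# Assumed roles: 10.10.1.5 = concentrator private interface, 10.10.1.6 = firewall.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.1               -   0007.0e11.2200  ARPA   FastEthernet0/0
Internet  10.10.1.5              14   0090.a4aa.0001  ARPA   FastEthernet0/0
Internet  10.10.1.6               3   0050.54bb.0002  ARPA   FastEthernet0/0
Internet  10.10.1.201             2   0090.a4aa.0001  ARPA   FastEthernet0/0
Internet  10.10.1.202             0   0050.54bb.0002  ARPA   FastEthernet0/0
Internet  10.10.1.203             0   Incomplete      ARPA
"""

ROW = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+ARPA")

def parse_arp(text):
    """Return {IPv4Address: mac or None} from 'show ip arp' text."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or unrelated line
        ip, _age, mac = m.groups()
        mac = mac.lower()
        table[ipaddress.ip_address(ip)] = None if mac == "incomplete" else mac
    return table

def check_pool(text, pool_cidr, concentrator_ip):
    """List pool addresses whose ARP entry is not the concentrator's MAC."""
    pool = ipaddress.ip_network(pool_cidr)
    table = parse_arp(text)
    expected = table.get(ipaddress.ip_address(concentrator_ip))
    if expected is None:
        raise ValueError("concentrator has no resolved ARP entry")
    findings = []
    for ip, mac in sorted(table.items()):
        if ip not in pool:
            continue
        if mac is None:
            findings.append((str(ip), None, "unresolved"))
        elif mac != expected:
            # Name the non-pool host that owns this MAC (e.g. a proxy-ARP device).
            owners = [str(o) for o, m in table.items() if m == mac and o not in pool]
            findings.append((str(ip), mac, "answered by " + (", ".join(owners) or "unknown host")))
    return findings

if __name__ == "__main__":
    for finding in check_pool(SAMPLE_ARP, "10.10.1.200/29", "10.10.1.5"):
        print(finding)
```

A pool address reported as answered by another host's MAC is the case where traffic for the VPN client is delivered to that host instead of the concentrator.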