Can't ping tunnel default gateway

mgallagher44
Level 1

I set up an ezvpn server on a 2811 (12.4) but can't ping the router's default gateway when tunneled to it. Everything else seems to be working correctly. In Windows, ipconfig shows the default gateway is the same as my pool address, which I thought was the issue, but from reading other posts, that appears to be correct? So why doesn't the tunnel use the 2811's default gateway? Also, I started with the local pool in the same network as fa0/0, then changed it. That didn't help.

All AAA is local...

crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp client configuration group jailbreak
 key xxxxxxxx
 dns xxxxxxxx
 domain x.com
 pool client_pool_1
 max-users 2
crypto isakmp profile ike-profile-1
 match identity group jailbreak
 client authentication list vpn_xauth
 isakmp authorization list vpn_group
 client configuration address respond
 keepalive 30 retry 5
 virtual-template 1
crypto ipsec transform-set AES_256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSec_Profile1
 set security-association idle-time 3600
 set transform-set AES_256
 set isakmp-profile ike-profile-1
interface FastEthernet0/0
 description To lab-gw
 ip address x.x.159.210 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 no mop enabled
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSec_Profile1
!
ip local pool client_pool_1 x.x.159.213 x.x.159.214
ip route 0.0.0.0 0.0.0.0 x.x.159.209

Thank you for the help,

-Mike

3 Replies

jpodolanko
Level 1

I'm having the exact same issue with this new "Enhanced VPN Server". Only difference is I mapped my Virtual-Template interface to a loopback interface (for inside NAT) which acts as my default gateway for any VPN connection. My SSLVPN works just fine however, but Remote Access just won't play nice. I've posted a separate message myself and I've attached my config to that message. Maybe something in my config can help you??? Just a thought...

I thought I read somewhere that your pool shouldn't be in the same network as your interface address, not positive though. It might be worth a shot to change that. Other than that, nothing stood out.

I tried a different IP address on the Loopback interface and lost all SSLVPN connectivity. I could not establish a tunnel. I would think you NEED an IP Address in the same network as the pool to act as the default gateway for the VPN.
