
Cisco Router - Dynamic IPSec VPN Clients cannot communicate with each other

jimw25
Level 1

Hi all,

First time post and hope someone can help me! I have been dealing with a problem on our 1751 router which has been ongoing for some time.

The router is running 12.3(2) K9 IOS and is configured for dynamic VPN IPsec connections. Remote users use Cisco VPN client software v 4.0.5. (Please see attached diagram for more details.)

The VPN connections work fine; we can access the .42.0/24 and .60.0/24 networks and can also access the Internet through the tunnel.

The problem is one client connected via VPN cannot ping another client connected via the VPN.

We need this functionality in order to utilise softphones between connected users.

The router hands out addresses from the 192.168.50.0/24 subnet.

I have included a config of our router and a network diagram below.

Can anyone please tell me where I am going wrong? I have been trying for months to resolve this!

Many, many thanks in advance

Jim CCNA

3 Replies

didyap
Level 6

I think you need to add NAT transparency in your router config. Also enable IPSec over NAT-T.

Thanks for your reply didyap,

Do you know of any good config guides for what I need?

Thanks

stefan.jones
Level 1

I think the NAT overload is still affecting this traffic from mobile user to mobile user. This traffic still goes through the Dialer interface both ways.

This is definitely the case if you see receive errors incrementing on the client statistics.

Make sure you deny NAT to and from the .50.x network?
