We have recently deployed one VPN 3005 Concentrator at the central site, and the dialup remote users are able to establish the IPSEC tunnel to the central site. But after putting the concentrator in after my router, my internal users are not able to access the internet. This is directly connected to the router with a cross cable. I also tried to enable NAT on private and public interfaces on the 3005 and I am able to ping any public IP from my internal network but can access any HTTP or web server.
My remote dialup users are also not able to access the internet while talking to the VPN concentrator. Please help.
Are you assigning them a DNS server when you allocate them an IP? From a command prompt, when you ping www.cnn.com, do you get an unknown host message, or ping failures (cnn.com blocks ping, but you should be able to resolve its hostname to an IP address)?
Is your topology a multiple interfaced router, with one int. being outside, one inside, and one connected to the VPN 3005? Are you doing NAT on the router? Any ACLs on the router?
No, I am not using any NAT on the router. The serial and E0 interfaces are configured on ISP public IP addresses. E0 of the router is directly connected with a cross cable to the VPN 3005, which is in turn connected to the LAN switch.
Router has only one ethernet interface.
I am not using any ACL at the router.
My internal users should access the internet through the VPN 3005. Can it be possible?
You need to make sure you remove the Public filter off the Public interface. By default only encrypted-type traffic and ICMP is allowed in on this interface; if you have standard traffic going out and then coming back in, you need to put the Private filter on or put no filter on it at all.
Keep in mind that taking this filter off will mean that outside users can HTTP to your 3005, so make sure you have a good password or better yet, set up the Access Control under Administration so that only your inside users can browse to it.