Cisco Support Community
Community Member

some return traffic not going through vpn tunnel (although not all)

Very strange problem, my guess is a configuration error. Clients connecting to an 1841 with a VPN tunnel endpoint on its Dialer0 interface (ADSL WIC on an ISDN line) have no trouble accessing LAN resources (file shares, Exchange mailboxes via a MAPI client, ping, etc.). However, when configuring an IMAP connection on a remote VPN client, outgoing email would not send. The strange thing is that the port 143 traffic between the client and IMAP server flows properly.

It turns out that port 25 traffic correctly flows from the client to the SMTP server, but that return traffic from the server to the client does not flow back through the VPN tunnel. Instead it routes back out through the public IP address. Can anyone offer a suggestion? (And please feel free to comment on the config in general, i.e. unnecessary ACL entries, etc.)

The VPN address pool is The LAN subnet is Host is the SMTP server. is the public IP address on Dialer0. The packet trace follows and the config is attached as

<snort trace>
12/16-07:14:47.757578 ->
TCP TTL:128 TOS:0x0 ID:10758 IpLen:20 DgmLen:48 DF
******S* Seq: 0x65389798 Ack: 0x0 Win: 0x8000 TcpLen: 28
TCP Options (4) => MSS: 1260 NOP NOP SackOK

12/16-07:14:47.845437 ->
TCP TTL:127 TOS:0x0 ID:23397 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x4AE8EFC0 Ack: 0x65389799 Win: 0x44E8 TcpLen: 28
TCP Options (4) => MSS: 1452 NOP NOP SackOK
</snort trace>
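
Added example (not part of the original post): a Python script that reads Snort text output in the format shown above, pairs each SYN with its SYN/ACK by acknowledgement number, and reports handshakes where the SYN/ACK source differs from the address the SYN was sent to, which is the port 25 symptom described in the post. The thread's own addresses are not shown, so every address in the sample is a constructed placeholder.

```python
import re

# Constructed sample in the same Snort text format as the trace in the post.
# All addresses and ports are placeholders (assumptions), not thread values:
# 10.10.10.5 = VPN client, 192.168.1.20 = SMTP/IMAP server, 203.0.113.1 = Dialer0.
SAMPLE = """\
12/16-07:14:47.757578 10.10.10.5:1045 -> 192.168.1.20:25
TCP TTL:128 TOS:0x0 ID:10758 IpLen:20 DgmLen:48 DF
******S* Seq: 0x65389798 Ack: 0x0 Win: 0x8000 TcpLen: 28
12/16-07:14:47.845437 203.0.113.1:25 -> 10.10.10.5:1045
TCP TTL:127 TOS:0x0 ID:23397 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x4AE8EFC0 Ack: 0x65389799 Win: 0x44E8 TcpLen: 28
12/16-07:14:48.101112 10.10.10.5:1046 -> 192.168.1.20:143
TCP TTL:128 TOS:0x0 ID:10761 IpLen:20 DgmLen:48 DF
******S* Seq: 0x11110000 Ack: 0x0 Win: 0x8000 TcpLen: 28
12/16-07:14:48.150000 192.168.1.20:143 -> 10.10.10.5:1046
TCP TTL:127 TOS:0x0 ID:23400 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x22220000 Ack: 0x11110001 Win: 0x44E8 TcpLen: 28
"""

HDR = re.compile(r"^\S+ (\S+):(\d+) -> (\S+):(\d+)$")   # timestamp src:port -> dst:port
TCP = re.compile(r"^([*\w]{8}) Seq: (0x[0-9A-Fa-f]+)\s+Ack: (0x[0-9A-Fa-f]+)")

def parse(trace):
    """Yield (src, sport, dst, dport, flags, seq, ack) for each TCP packet."""
    cur = None
    for line in trace.splitlines():
        if (m := HDR.match(line)):
            cur = (m[1], int(m[2]), m[3], int(m[4]))
        elif cur and (m := TCP.match(line)):
            yield (*cur, m[1], int(m[2], 16), int(m[3], 16))
            cur = None

def translated_replies(trace):
    """Return (syn_dst, synack_src, port) for SYN/ACKs from an unexpected source."""
    syns, hits = {}, []
    for src, sport, dst, dport, flags, seq, ack in parse(trace):
        if "S" in flags and "A" not in flags:
            # Remember where the SYN was sent, keyed by the Ack value it should get back.
            syns[(src, sport, (seq + 1) & 0xFFFFFFFF)] = (dst, dport)
        elif "S" in flags and "A" in flags and (dst, dport, ack) in syns:
            want, port = syns[(dst, dport, ack)]
            if src != want:          # reply source was rewritten on the way back
                hits.append((want, src, port))
    return hits

if __name__ == "__main__":
    for want, got, port in translated_replies(SAMPLE):
        print(f"port {port}: SYN sent to {want}, SYN/ACK came from {got}")
```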


Re: some return traffic not going through vpn tunnel (although n

SDM can troubleshoot VPN connections that you have configured. SDM reports the success or failure of the connection tests, and when tests have failed, recommends actions that you can take to correct connection problems.

The following link provides information on VPN troubleshooting using the CLI.

Community Member

Re: some return traffic not going through vpn tunnel (although n

The solution to this problem was posted to this forum on Feb 2, 2006, 3:55am PST. It has the title "solution: PAT interferes with VPN routing".
