Cisco Support Community
New Member

VPN 3005...what am I doing wrong

Hey all. I am new to the Cisco world and even newer to the 3005 concentrator. I appear to have something out of place. Hope you guys can help. Here it is:

I have a T1 coming into a Cisco 2600 which is directly connected to the Public side of a WatchGuard Firewall (to be replaced pretty soon). I want to introduce a VPN 3005 into the mix. Here is what I do.

I have a 2950-12 that the router, firewall, and VPN 3005 connect their ports to. I then have the private interfaces of the firewall and 3005 plugged into a 4006 that is the private network. I think I have configured the VPN concentrator correctly. The public IP address and subnet mask are valid and the default gateway is set to the 2600. The firewall is set the same way.

I can ping the firewall from the outside world, but not the 3005. I know that my information is probably far from complete, but I was hoping that someone could help me down the right path.

5 REPLIES
Cisco Employee

Re: VPN 3005...what am I doing wrong

Are you *sure* the Public interface address is valid? Are you *sure* the default gateway is set to the 2600's IP address, or have you set it to just the Public interface (which relies on proxy-ARPs and may not work)? Was it the default gateway or the tunnel default gateway you set to the 2600? Make sure it's the default gateway (the tunnel default gateway should point to your inside router). From the 3005 (under Administration - Ping), can you ping the 2600 interface? How far can you ping outbound? This'll give you an indication of the problem.

New Member

Re: VPN 3005...what am I doing wrong

I can ping the IP address of the 2600 and various hosts out on the internet from the 3005 web interface. I am getting to the web interface through the private IP address. We have a class C license with 254 public IP addresses available to us. I know nothing about the 2600 and how it is configured. It was installed by the company that provides us with the T1 feed. I don't even know the password to get into it to take a look at the config file. I know I am probably making a mountain out of a molehill, but I am not seeing a clear picture.

Matt

New Member

Re: VPN 3005...what am I doing wrong

I actually want to renege on my last post. Where the firewall is cloning the 2600's IP address is on the private side. We are doing that so all of our traffic from our private and public hosts goes through the firewall.

Also, is ICMP disabled on the VPN Concentrator by default? Sorta like the PIXes and such? That may be the issue.

Thanks

Matt

New Member

Re: VPN 3005...what am I doing wrong

I think you're right. I just took a closer look at my firewall. It appears that it is cloning the IP address of the router. My only problem: I think that this entry is necessary for the current way that we have this set up. I removed the setting from the firewall and nothing worked. Any thoughts? I can add static routes in the firewall. I was wondering if this is what I need to do to get rid of the cloned address and yet still have traffic pass from the router to the firewall.

Thanks

Matt

New Member

Re: VPN 3005...what am I doing wrong

Do you have a static route of Default-> to the network of the public interface, and also a static route for all internal traffic to the private interface's network?
