
VPN client access remote dynamic site-to-site VPN

b.eman
Level 1

I have a 3005 VPN concentrator with multiple dynamic site-to-site VPN connections. The remote sites are 501's. For management purposes I would like to be able to access the remote networks from a VPN client via the 3005. I have remote client VPN set up to the 3005 concentrator but I cannot access the dynamic remote sites.

In my remote 501's I have included my VPN network address in the "no nat" and "crypto" ACLs. From the remote locations I can access all subnets at my main location but cannot access any of the dynamic sites.

Is it possible? Here is a summary.

I want to use a Cisco VPN client to my main hub 3005. Once I am authenticated to the main network I would like to be able to access my remote dynamic site-to-site networks.

Thanks,

6 Replies

smalkeric
Level 6

Make sure the VPN server (PIX Firewall, Cisco VPN Concentrator or a router) successfully assigns a DNS server IP address to the Cisco VPN Client. To check, issue the ipconfig/all command on your PC after you are connected with the VPN Client.

jackko
Level 7

Yes, it is possible.

You mentioned, "In my remote 501's I have included my VPN network address in the "no nat" and "crypto" acls." However, what about the network list at the concentrator? Have you added the remote VPN net?

In the concentrator I am using the Base Group. That is the only way I found to make a dynamic connection work. Because of using the base group I am actually creating a remote session and not a tunnel. Nevertheless, I still do not have access from a VPN client to the dynamic network.

What about EZVPN? Will that work from a concentrator to a 501? Seems simple enough.

I hope this link may provide some help:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094a86.shtml

Further, regarding the design of the network, you mentioned the VPN is dynamic. It means that the remote site needs to initiate the VPN tunnel. So, provided a user connects to the concentrator via VPN, this user will not be able to initiate the VPN between the remote site and the concentrator. It will only work provided the VPN between the remote site and the concentrator has already been established.

Just wondering how you go.

Ended up using EZVPN to allow communication between VPN client and remote Dynamic sites. Works just fine now.

Thanks for your help!
