Sorry to have to post this with so many other vpn issues already posted that are similar. Yet none are identical.
Background: Cisco 2651 router with IP_FW_IDS PLUS IPSEC 3DES IOS. We have a site to site vpn tunnel already established between offices, which is working fine, and are now attempting to introduce client vpn capabilities to our staff. Using the Cisco software vpn client version 4.0.3F but are having issues.
Issue: I am able to connect, authenticate and establish the tunnel each time from multiple locations. However, from certain locations I am unable to "connect" to the internal network: no PING or any TCP/IP traffic, and the VPN statistics say that "transparent tunneling" is "inactive". Other connections appear to work fine, and I am able to PING and actually connect to the internal network. The VPN connection stats for those state that "transparent tunneling" is "active on UDP port 4500".
The only thing I have been able to confirm is this:
1) Attempting to establish a vpn connection from a public ip address (i.e. 220.127.116.11) allows me to create the vpn tunnel, but no traffic flows across the vpn.
2) When establishing a vpn connection from a private ip address (i.e. 192.168.1.50 or 10.10.10.50) I am able to create the vpn tunnel AND traffic is allowed to flow, enabling me to connect to the internal network and ping internal addresses.
Question(s):
1) What may be conflicting and disallowing me to send traffic across the vpn?
2) What correlation is there between public ip addresses and disallowing traffic, and private ip addresses and allowing traffic, on an IOS FW/VPN?