Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn client to IOS router :can ping , but can't telnet or access application

I use a 3662 router with IOS: c3660-ik9o3s-mz.122-15.T and vpn client 3.6.3 .

the config is below :


aaa new-model



aaa authentication login userauthen local

aaa authorization network groupauthor local



crypto isakmp policy 3

encr 3des

authentication pre-share

group 2


crypto isakmp client configuration group vpngroup

key xxx



pool ippool



crypto ipsec transform-set myset esp-3des esp-sha-hmac


crypto dynamic-map dynmap 10

set transform-set myset



crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap


interface FastEthernet0/1

description *** Untrust Interface ***

crypto map clientmap


ip local pool ippool

username xxx password 7 xxx


the problem is I can establish vpn connection and can ping internal server successful , but I can't telnet a internal server . I am sure there is no any firewall deny it . I have tried change the MTU , but it didn't work. please give me some suggestions, thanks .

BTW: with the same router config , when I use vpn client ver 4.0 , the vpn connect can establish, but I can't ping the intranet server successful. how amazing !


Re: vpn client to IOS router :can ping , but can't telnet or acc

Hi there,

If you can't telnet to the internal server, then you would need to sniff the packets to see what's going on. The best place to sniff the traffic would be the internal subnet of this router


New Member

Re: vpn client to IOS router :can ping , but can't telnet or acc

Could you please post the whole router config I may be able to help. I had set up the same type of vpn connectivity for my client and can vpn into it and do telnet. So if you can post the whole router config it can helpful.


CreatePlease login to create content