Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn client to vpn client connectivity


Because of specific requirements, I need to allow my vpn clients connected to my 3030 to be able to communicate with one another over the encrypted tunnel.

In the current configuration, the vpn clients can communicate with all the networks and hosts behind the 3030. However, I can't seem to get client to client communication to work (testing via pings) and I was hoping someone

can help.

Initially, I tried this running 4.0 sw on the 3030 and using 4.0 vpn clients. I tried changes on the interface, group and client fw filters and network lists but still couldn't ping, including removing group and client fw filters. I also turned off split tunneling but still no luck. The original IP pool consisted of addresses on the same subnet as the private interface on the 3030 but the addition of IP pools on totally separate subnets still did not get me connectivity.

I also tried all of the above steps with version 3.6.1 of the concentrator sw but that didn't work. The reason I tried that version of the 3030 sw is because I was able to get client to client connectivity to work in another environment using version 3.6.1. I didn't switch the VPN client because I was able to confirm that client connectivity works under 4.0. BTW, the OS on the clients is XP and I made sure that there were no firewalls or packet filters turned on.

One difference in this environment vs my previous working environment is that instead of a router sitting behind the 3030 it's a PIX 515. But the ICMP packets should, in theory, never leave the 3030. BTW, pinging the connected vpn clients from the PIX works which means routing shouldn't be an issue either.

Any suggestions? Thanks in advance.

New Member

Re: vpn client to vpn client connectivity


Until I know, due to security it's impossible to re-route a packet to the

same interface you receive it (reverse-path-check). So, if you want to

connect client-to-client you need a tunnel between them


New Member

Re: vpn client to vpn client connectivity

I have a similar situation. 2 - 3002's need to communicate to each other over an encrypted tunnel. Both 3002's are connected to a 3030, acting as a hub. Can this be done?

CreatePlease login to create content