Because of specific requirements, I need to allow my vpn clients connected to my 3030 to be able to communicate with one another over the encrypted tunnel.
In the current configuration, the vpn clients can communicate with all the networks and hosts behind the 3030. However, I can't seem to get client to client communication to work (testing via pings) and I was hoping someone
Initially, I tried this running 4.0 sw on the 3030 and using 4.0 vpn clients. I tried changes on the interface, group and client fw filters and network lists but still couldn't ping, including removing group and client fw filters. I also turned off split tunneling but still no luck. The original IP pool consisted of addresses on the same subnet as the private interface on the 3030 but the addition of IP pools on totally separate subnets still did not get me connectivity.
I also tried all of the above steps with version 3.6.1 of the concentrator sw but that didn't work. The reason I tried that version of the 3030 sw is because I was able to get client to client connectivity to work in another environment using version 3.6.1. I didn't switch the VPN client because I was able to confirm that client connectivity works under 4.0. BTW, the OS on the clients is XP and I made sure that there were no firewalls or packet filters turned on.
One difference in this environment vs my previous working environment is that instead of a router sitting behind the 3030 it's a PIX 515. But the ICMP packets should, in theory, never leave the 3030. BTW, pinging the connected vpn clients from the PIX works which means routing shouldn't be an issue either.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :