Re: VPN Clients cant communicate with each other??

Matthew Needs · ‎07-04-2006

Hi everyone,

I have a 1721 configured for VPN clients. All works fine. I'm interested it using the clients for soft phones off of a PABX. However, the clients can?t see each other?? I can?t ping between them.

Otherwise the clients operate absolutely fine. I need client-client communication for the voice direct RTP.

Tried looking at the natting and I temporarily removed all the acls as a precaution... No good.. :(

Any ideas? I noticed there is a global command to enable this feature on a VPN concentrator. Is there an equivalent for routers? I can use CLI or SDM.

Many thanks! :)

Fernando_Meza · ‎07-04-2006

Hi..

what you are trying to achieve is known as U-turn IPsec tunneling. I am not sure whether you can achieve this on a router but you can using PIX running version 7.0 or higher using the command

same−security−traffic permit intra−interface

I hope it helps .. please rate it if it does !!

Matthew Needs · ‎07-06-2006

Thanks for the comments but I have sorted it :). I just needed to turn the statefull firewall off on the client... There is no way to configure it on a router. In default it blocks traffic between clients. Only on VPN concentrators/PIX's can you configure your own rules. Routers have a cut down version of client.

Thanks again. Matt