Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN concentrator issues

I setup a Cisco VPN concentrator 3005 with preshared keys. I can connect to it perfectly (Phase II completes). I am able to ping inside my network and outside as well (split tunneling is not enabled). My problem is, no real traffic is getting through. I can ping www.yahoo.com and it resolves it and i recieve replies, but I cannot connect through Internet Explorer.

I'm using ESP, so NAT shouldn't be an issue. I shouldn't have to enable split tunneling. I would like to get this working without split tunneling for now.

I'm using the internal DB for users and internal dhcp pool.

Any ideas?

3 REPLIES
Silver

Re: VPN concentrator issues

Is your web browser configured to use a web proxy? It makes no sense that ICMP would be able to flow, but TCP based HTTP sessions wouldn't, unless there is a proxy or access lists in the mix. Is the 3005 behind a firewall?

New Member

Re: VPN concentrator issues

The VPN actually bypasses the firewall, meaning its inline with the firewall (not infront or behind).

New Member

Re: VPN concentrator issues

Ok, I solved the problem.

I enabled IPSec over UDP on both concentrator and Client (not sure if this helps, but it works) and I added the gateway for the private interface under "Tunnel Default Gateway"

I think before, i did a tracert to cisco.com, it would go to the concentrator, the public int's gateway then out to the internet. Now it goes to the public int, private int default gateway and back through.

It works, but does this sound right?

103
Views
0
Helpful
3
Replies
CreatePlease to create content