Cisco Support Community

VPN Connection up, but Internet traffic does not route.

OK, we recently had to change out our router (non-Cisco) and set up a new one (2811) with VPN and PPPoE. We have several 2811s set up in our network now and we are struggling with why this one is not working correctly.

Usually we start with getting Internet, then fight to get the VPN up and going. Well, this time we are backwards to that. All traffic through the VPN is working fine, but we cannot access the Internet.

We use numbers for our different sites. And this particular ISP uses for their routes. We thought this would cause us some issues with the VPN, but the VPN works fine. But how can we route the Internet traffic out through the ISP correctly?

Does this make sense? Would seeing some config be useful? Am I just lost?




Re: VPN Connection up, but Internet traffic does not route.

Of course, the overlapping IP addressing is causing the problem.

When you define your interesting traffic and assign it to the VPN crypto map with the command match ip address, the VPN will consider the traffic matched by that ACL as interesting traffic to be tunneled by the VPN, and at the same time you have the same addressing number for your ISP, so the traffic will be encrypted and tunneled before being routed to your ISP.

I suggest you use different IP addressing for your sites.

You can play around it with NATing at remote sites, but it will make things complicated and hard to troubleshoot when you get any problem in the future.

If you need any more details, just post it here.

Good luck.

Please rate if helpful.

Re: VPN Connection up, but Internet traffic does not route.

You should be NATing onto your provider's network. The 10/8 range is part of RFC 1918; they should not be routed out onto the Internet.
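
Added example, not part of any post in this thread: a small Python model of the crypto-ACL match the replies above describe, showing which flows a given ACL selects for the tunnel. All addresses and ACL lines are constructed for illustration; the thread does not give the real ones.

```python
import ipaddress

def wildcard_net(addr, wildcard):
    """Build a network from an IOS address plus wildcard (inverse) mask."""
    inverse = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    netmask = ipaddress.IPv4Address(inverse)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def parse_crypto_acl(lines):
    """Parse 'permit ip SRC SRC_WILDCARD DST DST_WILDCARD' entries."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or parts[:2] != ["permit", "ip"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((wildcard_net(parts[2], parts[3]),
                        wildcard_net(parts[4], parts[5])))
    return entries

def is_tunneled(src, dst, entries):
    """True if the flow matches a permit entry, i.e. is 'interesting traffic'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in entries)

# Constructed sample data (not from the thread).
BROAD_ACL = parse_crypto_acl(
    ["permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255"])
NARROW_ACL = parse_crypto_acl(
    ["permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255"])
CLIENT = "10.20.0.50"        # LAN host behind the 2811
REMOTE_SITE = "10.30.0.10"   # host at another site, reached over the VPN
ISP_HOP = "10.1.1.1"         # ISP device numbered out of 10/8
PUBLIC = "198.51.100.10"     # Internet host (documentation range)

def report(acl):
    """Map each sample destination to whether the ACL would tunnel it."""
    return {dst: is_tunneled(CLIENT, dst, acl)
            for dst in (REMOTE_SITE, ISP_HOP, PUBLIC)}

if __name__ == "__main__":
    for name, acl in (("broad", BROAD_ACL), ("narrow", NARROW_ACL)):
        print(name, report(acl))
```

In this model the broad 10/8-to-10/8 entry pulls traffic for the ISP's 10.x device into the tunnel while the per-site entry does not, and neither entry matches the public destination, so that flow still leaves with a 10.x source unless it is translated.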



Re: VPN Connection up, but Internet traffic does not route.

I am not a router person... but they use the range on their gear that routes me to their server, then out on the Internet. If I do a traceroute on the router, they do not return as hosts (they return * * * *). I do not know if that makes a difference. From the router, I can ping (via IP address) and the traceroute makes it all the way also. But the client computers connected to that router cannot ping, browse, etc. to that host. The router says unknown host or something like that. However, they can use the VPN.
