Cisco Support Community

VPN Connection up, but Internet traffic does not route.

OK, we recently had to change out our router (non-Cisco) and set up a new one (2811) with VPN and PPPoE. We have several 2811s set up in our network now and we are struggling with why this one is not working correctly.

Usually we start with getting Internet, then fight to get the VPN up and going. Well, this time we are backwards to that. All traffic through the VPN is working fine, but we cannot access the Internet.

We use 10.xxx.xxx.xxx numbers for our different sites, and this particular ISP uses 10.xxx.xxx.xxx for their routes. We thought this would cause us some issues with the VPN, but the VPN works fine. But how can we route the Internet traffic out through the ISP correctly?

Does this make sense? Would seeing some config be useful? Am I just lost?

Thanks,

Jon

3 REPLIES

Re: VPN Connection up, but Internet traffic does not route.

Of course, the overlapping IP addressing is causing the problem, because when you define your interesting traffic and assign it to the VPN crypto map with the command match ip address, the VPN will consider the traffic matched by that ACL as interesting traffic to be tunneled by the VPN, and at the same time you have the same addressing for your ISP, so the traffic will be encrypted and tunneled before being routed to your ISP.

I suggest you use different IP addressing for your sites.

You can play around it with NATing at the remote sites, but it will make things complicated and hard to troubleshoot when you get any problem in the future.

If you need any more details, just post here.

Good luck.

Please rate if helpful.

Re: VPN Connection up, but Internet traffic does not route.

You should be NATting onto your provider's network. The 10/8 range is part of RFC 1918; it should not be routed out onto the Internet.

HTH

Re: VPN Connection up, but Internet traffic does not route.

I am not a router person... but they use the 10.xxx range on their gear that routes me to their server and then out on the Internet. If I do a traceroute on the router, they do not return as hosts (they return * * * *). I do not know if that makes a difference. From the router, I can ping google.com (via IP address) and the traceroute makes it all the way also. But the client computers connected to that router cannot ping, browse, etc. to that host. The router says unknown host or something like that. However, they can use the VPN.
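
Added example, not posted by anyone in this thread: a small Python model of the outbound path the replies describe, where NAT is applied first and the crypto map ACL is then checked against the resulting addresses. All addresses, ACL entries and the names `classify` and `acl_match` are constructed for illustration; the poster's real configuration is not shown on the page.

```python
import ipaddress

def acl_match(acl, src, dst):
    """First-match over (action, src_net, dst_net) entries; implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False

def classify(src, dst, crypto_acl, nat_acl, wan_ip):
    """Follow one outbound packet: NAT overload first, then the crypto ACL check."""
    if acl_match(nat_acl, src, dst):
        src = wan_ip                      # translated to the WAN interface address
    if acl_match(crypto_acl, src, dst):
        return "tunneled"                 # encrypted and sent to the VPN peer
    if src != wan_ip:
        return "no-nat"                   # leaves with a LAN source the ISP cannot return to
    return "internet"                     # source is the ISP-assigned address

# Constructed sample addressing (assumptions, not from the thread)
WAN_IP   = "10.200.5.2"     # address the ISP assigns on the PPPoE link
ISP_GW   = "10.200.5.1"     # ISP gear inside 10/8
CLIENT   = "10.20.1.50"     # host on the local site LAN 10.20.0.0/16
REMOTE   = "10.30.1.5"      # host at another site reached over the VPN
INTERNET = "198.51.100.10"  # documentation-range stand-in for a public host

# Overlapping setup: crypto ACL covers all of 10/8, no NAT rule at all
BROAD_CRYPTO = [("permit", "10.0.0.0/8", "10.0.0.0/8")]
NO_NAT = []

# Separated setup: site-specific crypto ACL, NAT that exempts VPN traffic
SITE_CRYPTO = [("permit", "10.20.0.0/16", "10.30.0.0/16")]
NAT_ACL = [("deny", "10.20.0.0/16", "10.30.0.0/16"),
           ("permit", "10.20.0.0/16", "0.0.0.0/0")]

if __name__ == "__main__":
    for name, crypto, nat in (("overlapping", BROAD_CRYPTO, NO_NAT),
                              ("separated", SITE_CRYPTO, NAT_ACL)):
        for src, dst in ((CLIENT, REMOTE), (CLIENT, ISP_GW),
                         (CLIENT, INTERNET), (WAN_IP, INTERNET)):
            print(name, src, "->", dst, ":", classify(src, dst, crypto, nat, WAN_IP))
```

In the overlapping case the model reproduces the symptoms in the thread: the router's own traffic reaches the Internet, client traffic leaves un-NATed, and anything addressed to the ISP's 10.x gear is pulled into the tunnel.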
