I have a Cisco 2811 router with ADSL at a remote site which performs NAT, giving users of that site Internet access. We have a LAN-to-LAN VPN for remote management of that site's hardware which runs on the 2811 to a Cisco 3000 VPN. This all works fine.
Our corporate users, when remote, use VPN Clients to connect to our network using the same Cisco VPN 3000 Concentrator. However, our corporate users who visit this site can only get their VPN clients to work if they select "IPSec over TCP". The client successfully connects on UDP but they can't "see" anything on the network. I have failed to replicate this problem with an 837 router in our test environment (set up the same as the 2811, with LAN-to-LAN VPN and NAT).
Anyone have any ideas?
I've attached a sh ver, sh conf, a debug of a VPN client at site which failed then successfully worked using TCP and a sh crypto.
The entire network is subnetted into different 10.X.X.X subnets. 172.16.X.X is used for management.
VPN clients receive an address of 10.254.40.X.
Concentrator real IP has been substituted with 220.127.116.11, real IP of 2811 ADSL router has been substituted with 18.104.22.168.
There are 3 dialers but we're only using dialer 1 for now; I will be applying OER later once I get this problem fixed.
Yes, NAT-T is enabled on the concentrator. This remote site is the only remote site I know of where the VPN Client doesn't work, and the VPN "group" they use is the same VPN "group" for all our remote users who have no problems. The users at the problem site can VPN from anywhere else, just not from this site.