New Member

vpn users unable to access internal network

I have a Cisco 1811 router. A VPN server is configured for remote users, who get an IP from pool 192.168.2.0/24.

It is coming through FE0. I tried to terminate it at VLAN1, FE0 and a loopback interface, but remote users can only ping the VLAN1 interface and cannot go any further.

It is using split tunneling; from the client side, I can see 10.0.0.0/24 is in the secured routes table. The VPN users can browse the internet without problems.

The route table is shown in the attached document.

The VPN connection is established. It is terminated at VLAN1 at the moment, and from the router I can ping the VPN client IP address (192.168.10.5) OK, but not from FE0 or the loopback interface.

I have an ACL set on FE0 inside to allow 192.168.10.0/24 to 10.0.0.0/24.

So what did I do wrong?

Also, who can explain this to me: in the 2nd picture in my attachment, I can ping the VPN client from the router but cannot trace this IP. Why?

1 REPLY
New Member

Re: vpn users unable to access internal network

Hi guys,

There is nothing wrong with the VPN settings. The problem is that I have PBR settings on VLAN1, so the return traffic is forwarded to the WAN interface instead of the VPN interface. So add deny ip 10.0.0.0/24 192.168.10.0/24 before the permit for the forwarding. It makes the route OK.

The only problem is that ping is OK, even with large packets, but VNC times out and Outlook can send but not receive. It is just like the connection is slow. I don't know if PBR adds extra headers onto the packet or not.

Cheers,

Lydia
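
Added example, not part of the original thread: a sketch of the ACL ordering the reply describes, so that return traffic from the LAN to the VPN pool is excluded from policy routing and follows the normal routing table. The ACL name `PBR-LAN`, the route-map name `PBR-WAN`, the original permit line and the next-hop `203.0.113.1` are assumptions; only the two subnets come from the thread.

```cisco
! Before (assumed): every packet from the LAN matches the permit,
! so replies to VPN clients are policy-routed out the WAN next hop.
!
! ip access-list extended PBR-LAN
!  permit ip 10.0.0.0 0.0.0.255 any
!
! After: the deny is evaluated first. Inside a route-map "permit"
! clause, an ACL deny means "do not policy-route this packet", so
! LAN -> VPN-pool traffic falls through to the routing table.
!
! Remove and recreate the list so the entries land in this order.
no ip access-list extended PBR-LAN
ip access-list extended PBR-LAN
 deny   ip 10.0.0.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 10.0.0.0 0.0.0.255 any
!
! Hypothetical route-map; 203.0.113.1 is a placeholder next hop.
route-map PBR-WAN permit 10
 match ip address PBR-LAN
 set ip next-hop 203.0.113.1
!
interface Vlan1
 ip policy route-map PBR-WAN
!
! Checks from exec mode:
!   show ip policy            (route-map bound to Vlan1)
!   show route-map PBR-WAN    (policy-routing match counters)
!   show access-lists PBR-LAN (hits on the deny line while a
!                              VPN client pings a 10.0.0.0/24 host)
```

If the deny line's hit counter increases while the route-map's policy-routing match counter stays flat for that traffic, the exclusion is taking effect.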
