VPN users unable to access internal network

yayasolenet
Level 1

I have a Cisco 1811 router. The VPN server is configured for remote users, who get an IP from the pool 192.168.2.0/24.

It is coming through FE0. I tried to terminate it at VLAN1, FE0 and a loopback interface, but remote users can only ping the VLAN1 interface and cannot go any further.

It is using split network; from the client side, I can see 10.0.0.0/24 is in the secured routes table. The VPN users can browse the internet without problems.

The route table is shown in the attached document.

The VPN connection is established. It is terminated at VLAN1 at the moment, and from the router I can ping the VPN client IP address (192.168.10.5) OK, but not from FE0 or the loopback interface.

I have an ACL set on FE0 inside to allow 192.168.10.0/24 to 10.0.0.0/24.

So what did I do wrong?

Also, who can explain this to me: in the 2nd pic in my attachment, I can ping the VPN client from the router but cannot trace this IP. Why?

yayasolenet
Level 1

Hi guys,

There is nothing wrong with the VPN settings. The problem is I have PBR settings on VLAN1, so the return traffic is forwarded to the WAN interface instead of the VPN interface. So add deny ip 10.0.0.0/24 192.168.10.0/24 before permitting the forwarding. It makes the route OK.

The only problem is that ping is OK, even with large packets, but VNC times out, and Outlook can send but not receive. It is just like the connection is slow. I don't know if PBR adds extra headers onto the packet or not.

Cheers,

Lydia
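
The fix described in the reply above, written out as IOS configuration. This is an added example, not the poster's actual configuration: the ACL name `PBR-ACL`, the route-map name `PBR-WAN`, the sequence numbers and the next hop 203.0.113.1 are assumptions, and only the two subnets (10.0.0.0/24 and 192.168.10.0/24) come from the thread.

```cisco
! --- Before (assumed shape of the original policy) ---
! Every packet sourced from the LAN matches the permit entry, so replies
! to VPN clients are policy-routed to the WAN next hop and never reach
! the VPN interface.
ip access-list extended PBR-ACL
 10 permit ip 10.0.0.0 0.0.0.255 any
!
route-map PBR-WAN permit 10
 match ip address PBR-ACL
 set ip next-hop 203.0.113.1
!
interface Vlan1
 ip policy route-map PBR-WAN
!
! --- After ---
! ACLs are evaluated top-down and the first match wins. A deny entry in an
! ACL referenced by a route-map means "do not policy-route this packet";
! the packet falls back to the normal routing table, which knows the path
! to the VPN client pool.
ip access-list extended PBR-ACL
 5 deny ip 10.0.0.0 0.0.0.255 192.168.10.0 0.0.0.255
!
! Resulting ACL order:
!   5 deny   ip 10.0.0.0 0.0.0.255 192.168.10.0 0.0.0.255
!  10 permit ip 10.0.0.0 0.0.0.255 any
!
! --- Checks from privileged EXEC ---
! show access-lists PBR-ACL   (the deny counter should rise with VPN traffic)
! show route-map PBR-WAN      (policy-routing match counters)
! show ip policy              (confirms which interface carries the route-map)
```

IOS ACL entries take a wildcard mask rather than the prefix length used in the post, so `10.0.0.0/24` is written `10.0.0.0 0.0.0.255`.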