Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
0
Helpful
8
Replies

Cisco 3020 - same interface

myounger
Level 1
Level 1

‎07-27-2009 10:30 AM - edited ‎02-21-2020 03:36 AM

I have 2 interfaces active - public and private IPs. Clients connect to the public IP address.

Does anyone know when you're connected using the VPN client, if you can send traffic immediately back out the public interface to a server on the same subnet as the 3020? I am using a IP pool that gets assigned to the clients on the private interface side as they pass through.

Thank you,

0 Helpful
8 Replies 8

Ivan Martinon
Level 7
Level 7

‎07-28-2009 01:09 PM

As long as traffic routing and filtering is ok, then you should find no problems.

0 Helpful

arpita_barman
Level 1
Level 1
In response to Ivan Martinon

‎07-28-2009 10:26 PM

Routing of all local networks are added . But what do you mean by filtering.

0 Helpful

arpita_barman
Level 1
Level 1
In response to arpita_barman

‎07-28-2009 10:34 PM

In WebVPN configuration filtering option is'inherit'.

0 Helpful

Ivan Martinon
Level 7
Level 7
In response to arpita_barman

‎07-29-2009 06:20 AM

You are not using webvpn are you? since you wrote VPN client I gather it is the cisco vpn client correct? what I mean is that the concentrator has filters bound to the interfaces, private public and external check those filters and what rules do those filters have to find out whether the traffic from those clients are allowed.

0 Helpful

myounger
Level 1
Level 1
In response to Ivan Martinon

‎07-29-2009 06:27 AM

No filters are defined or applied. The VPN client traffic seems to be getting lost in the 3020. Can the 3020 decrypt a packet and then send it back out the same interface on which the encrypted packet arrived?

0 Helpful

Ivan Martinon
Level 7
Level 7
In response to myounger

‎07-29-2009 06:39 AM

I have to say yes, it can since the concentrator can be defined as a hub for vpn traffic, in here I will ask you a question. Do the devices on the "outside" meaning on the public side of the concentrator know how to reach the vpn client? In other words do these devices have a route back to the concetrator to reach the vpn client's pool?

0 Helpful

myounger
Level 1
Level 1
In response to Ivan Martinon

‎07-29-2009 06:57 AM

Yes...the server has a route back to the VPN client pool, with the next hop for that network pool being the 3020 public IP.

0 Helpful

Ivan Martinon
Level 7
Level 7
In response to myounger

‎07-29-2009 07:07 AM

You can go ahead and create a filter with IP traffic and debug over that filter to check if packets are sent out and received back, as well you might want to check if there is any chance that a vpn tunnel might be catching this traffic instead.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card