I have 2 interfaces active - public and private IPs. Clients connect to the public IP address.
Does anyone know if, when you're connected using the VPN client, you can send traffic immediately back out the public interface to a server on the same subnet as the 3020? I am using an IP pool that gets assigned to the clients on the private interface side as they pass through.
You are not using WebVPN, are you? Since you wrote VPN client, I gather it is the Cisco VPN client, correct? What I mean is that the concentrator has filters bound to the interfaces (private, public and external). Check those filters and what rules they have to find out whether the traffic from those clients is allowed.
No filters are defined or applied. The VPN client traffic seems to be getting lost in the 3020. Can the 3020 decrypt a packet and then send it back out the same interface on which the encrypted packet arrived?
I have to say yes, it can, since the concentrator can be defined as a hub for VPN traffic. Here I will ask you a question: do the devices on the "outside", meaning on the public side of the concentrator, know how to reach the VPN client? In other words, do these devices have a route back to the concentrator to reach the VPN client's pool?
You can go ahead and create a filter with IP traffic and debug over that filter to check if packets are sent out and received back. You might also want to check if there is any chance that a VPN tunnel might be catching this traffic instead.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...