I installed a VPN Concentrator 3005 at a customer site and set it to tunnel everything. Internet access is provided via a separate PIX. For some reason I can't figure out, Internet access isn't working anymore.
The PIX and 3005 are installed parallel to each other. There is an internal router and, of course, an external router connected to the ISP. I have the 3005 default gateway set to the external router and the tunnel default gateway set to the internal router.
It has something to do with routing because it works when I add a static route to something on the Internet with the next hop being the internal router. It looks like I can only get to destinations that have a static route.
I'm missing something and would appreciate it if someone could point out what that something is. Thanks.
If the IP pool for the client is something private and independent of the inside network, you also have to set a static route on the PIX that routes the VPN IP pool back to the internal router for reply packets.
I guess at the moment the inside router has its default route to the PIX, and has a static for the VPN pool to be sent back to the concentrator private. But the PIX also has to know where to send the VPN IP pool when it receives packets destined for it.
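The return-path point in the reply above, as an added example that is not part of the thread: a small longest-prefix-match model of the PIX, internal router and concentrator, tracing a reply packet addressed to a VPN pool client with and without the pool route on the PIX. All prefixes and device names are constructed assumptions, since the thread gives no addressing.

```python
import ipaddress

# Constructed addressing (assumption): the thread does not state any prefixes.
VPN_POOL = "10.99.0.0/24"       # private client pool, independent of the inside network
INSIDE_NET = "192.168.1.0/24"   # inside LAN behind the internal router


def build_tables(pix_has_pool_route):
    """Return {device: [(prefix, next_hop)]} for the topology in the thread."""
    tables = {
        # PIX: inside LAN via the internal router, everything else to the ISP side.
        "pix": [(INSIDE_NET, "internal-router"), ("0.0.0.0/0", "external-router")],
        # Internal router: default to the PIX, VPN pool back to the concentrator.
        "internal-router": [(VPN_POOL, "concentrator"), ("0.0.0.0/0", "pix")],
        # Concentrator: delivers pool addresses into the tunnel.
        "concentrator": [(VPN_POOL, "vpn-client")],
    }
    if pix_has_pool_route:
        # The static route the reply describes: pool -> internal router.
        tables["pix"].append((VPN_POOL, "internal-router"))
    return tables


def next_hop(table, dst):
    """Longest-prefix match of dst against one device's routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def trace_reply(tables, dst, start="pix", max_hops=8):
    """Follow a reply packet hop by hop until it leaves the modelled devices."""
    path, node = [start], start
    while node in tables and len(path) <= max_hops:
        node = next_hop(tables[node], dst)
        if node is None:
            break
        path.append(node)
    return path


if __name__ == "__main__":
    client = "10.99.0.25"  # constructed VPN client address
    print("without pool route:", trace_reply(build_tables(False), client))
    print("with pool route:   ", trace_reply(build_tables(True), client))
```

Without the pool route the reply follows the PIX default route toward the ISP and never reaches the tunnel; with it, the reply returns through the internal router and concentrator.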
Thanks for the response. I'm aware of what you stated and it was the first thing I looked at. That's why I mentioned that it worked when I added a static route to something on the Internet. But I did fix the problem. I rebooted it and now it works (or maybe it would be wiser to say it was working the last time I checked). Go figure.