Cisco Support Community
New Member

Cisco ipad ipsec vpn connects though no access to lan

Hi Guys,

I'm trying to connect our iPads to the VPN to access LAN resources. The Cisco iPad IPsec client connects, though there is no LAN access and I cannot ping anything, not even interfaces on the router.

If I set up the Cisco VPN on a laptop it works perfectly: I can ping everything and can access resources on the LAN, so my guess is traffic is not going down the VPN tunnel between the iPad and the office.

Cisco 877.

Attached is my config.

Any ideas ?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Cisco ipad ipsec vpn connects though no access to lan

The built-in iPad client is not compatible with your setup.

You have three options:

1) Remove the acl from your vpn-group. Without split-tunneling the client will work.

2) Migrate back to the legacy config style with crypto-map. There you can use split-tunneling.

3) Migrate to AnyConnect.

The background of the problem is that the iPad receives the split-tunneling information. But instead of controlling with routing which traffic should go through the tunnel and which traffic is allowed without the VPN, the iPad tries to build one set of SAs for each line in your split-tunnel ACLs. But with the virtual-template only one SA is allowed.

4 REPLIES
New Member

Cisco ipad ipsec vpn connects though no access to lan

I see. Seems a bit strange, as I have another line with an almost identical VPN setup and I can ping and access the LAN on that VPN. What you're saying makes sense; I'll try removing the acl from the vpn group tonight.

Thanks

VIP Purple

Re: Cisco ipad ipsec vpn connects though no access to lan

It depends on the order of your ACEs. With a little luck all your needed traffic was matched against the first ACE in your ACL.

Sent from Cisco Technical Support iPad App

New Member

Re: Cisco ipad ipsec vpn connects though no access to lan

Thank you, I've been struggling for 3 days with this. Your explanation was spot on.

Thanks again
