Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Easy VPN server and router with multiple adsls

Hi i have set up an easy vpn server on cisco 1841 running Adv.IP Services 12.4.20.T

The router has 2 adsls and they are configured for load balancing. There is no configured. Instead, the ppp ipcp route default command exists in both dialer interfaces. Using CEF, i have load balancing working fine.

Dialer 1 interface has static IP, hence we want this to accept the vpn connections.

I have also set a local policy route-map saying that each packet with source IP that of the dialer interface, should leave via dialer 1.

But, when a VPN client tries to connect to the router, it gets associated but all the encypted replies from the router are exiting dialer 2 interface. This is a different ISP and so, it blocks these packets.

Whatever destination inside the local lan, the vpn client tries to reach, here is what happens (i have debugged and seen the packets):

Packets from the vpn client, arrive to the router, get decrypted and then forwarded to the lan.

The local host replies, packets arrive to the router, get encrypted and...exit the wrong interface!!

When i insert in the routing table of the 1841, a static entry for the remote host via dialer 1, everything works fine!

Is there a way to overcome this?


Re: Easy VPN server and router with multiple adsls

not sure but try the following idea

make a static route on the route that any packet going to the VPN client network address should go throught dialer1

for example if the vpn users useing pool like

ip route 192.168..1.0 interface dialer 1

and good luck

if helpful Rate

New Member

Re: Easy VPN server and router with multiple adsls

Hi, i have already tried that but didn't work!

The reason i guess is that those client networks should be routed via a random virtual access interface that is created as soon as a vpn client is associated.

There must be done something with this virtual access interface.

Thanks a lot for the post.