Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
2
Replies

Easy VPN server and router with multiple adsls

dwtcp
Level 1
Level 1

‎07-31-2008 11:49 PM

Hi i have set up an easy vpn server on cisco 1841 running Adv.IP Services 12.4.20.T

The router has 2 adsls and they are configured for load balancing. There is no def.gw configured. Instead, the ppp ipcp route default command exists in both dialer interfaces. Using CEF, i have load balancing working fine.

Dialer 1 interface has static IP, hence we want this to accept the vpn connections.

I have also set a local policy route-map saying that each packet with source IP that of the dialer interface, should leave via dialer 1.

But, when a VPN client tries to connect to the router, it gets associated but all the encypted replies from the router are exiting dialer 2 interface. This is a different ISP and so, it blocks these packets.

Whatever destination inside the local lan, the vpn client tries to reach, here is what happens (i have debugged and seen the packets):

Packets from the vpn client, arrive to the router, get decrypted and then forwarded to the lan.

The local host replies, packets arrive to the router, get encrypted and...exit the wrong interface!!

When i insert in the routing table of the 1841, a static entry for the remote host via dialer 1, everything works fine!

Is there a way to overcome this?

Labels:
0 Helpful
2 Replies 2

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-02-2008 06:25 PM

not sure but try the following idea

make a static route on the route that any packet going to the VPN client network address should go throught dialer1

for example if the vpn users useing pool like

192.168.1.0/24

ip route 192.168..1.0 255.255.255.0 interface dialer 1

and good luck

if helpful Rate

0 Helpful

dwtcp
Level 1
Level 1
In response to Marwan ALshawi

‎08-03-2008 10:05 PM

Hi, i have already tried that but didn't work!

The reason i guess is that those client networks should be routed via a random virtual access interface that is created as soon as a vpn client is associated.

There must be done something with this virtual access interface.

Thanks a lot for the post.

akoul

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents