Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IOS Router VPN - Client cannot connect to all subnets

Hello

I have setup a IOS Router VPN that uses IPSec with Radius Authentication. I am using Cisco VPN Client 4.8. The connection and the Authetication work great, but the client cannot connect to all Subnets. I can sometimes can connect to a specific host in a subnet, but not others.

For example I have another router with a number of sub-interfaces on it, and I can ping only 80% of these sub-interface addresses. Any Help would be most greatful.

8 REPLIES

Re: IOS Router VPN - Client cannot connect to all subnets

you are not using any split tunnel so there should be no reason why the traffic should not flow from client to router and back, you could try to enable reverse-route under the dynamic tunnel and see if that helps.

also when the client cannot reach those networks, can your router reach them?

New Member

Re: IOS Router VPN - Client cannot connect to all subnets

Ok Thanks, I give that a go.

Yes, the router can connect to everything

New Member

Re: IOS Router VPN - Client cannot connect to all subnets

Hello

I've added the reverse-route command to the Dynamic Tunnel and the problem is still the same.

Re: IOS Router VPN - Client cannot connect to all subnets

Do me a favour, go ahead and create a loopback interface on the router, with an ip address that is not on the local subnet of your router or any other subnet behind it, then once it is created ping those subnets the client is unable to ping sourcing the ping from the loopback interface, are you getting replies?

New Member

Re: IOS Router VPN - Client cannot connect to all subnets

Hello

Well that was interesting, I got the same problem. I can ping some addresses, but not all. Even if ip addresses are sub-interfaces on the same router.

Re: IOS Router VPN - Client cannot connect to all subnets

If you both, try a traceroute from those ip address(es) that you can reach from the client, to the vpn client assigned address from the pool, do you see it going to the vpn server?

New Member

Re: IOS Router VPN - Client cannot connect to all subnets

Yes, I see what the problem is. We have a couple of Core routers and doing a traceroute from the offending devices it stopped at the Secondary. I've add a static route and all is well.

Thanks for you help, I can now see the wood from the trees.

Re: IOS Router VPN - Client cannot connect to all subnets

Awesome! do rate useful posts

288
Views
5
Helpful
8
Replies
CreatePlease to create content