Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
5
Replies

IOS VPN Remote Access problems

remi-reszka
Level 1
Level 1

‎08-20-2008 09:05 PM - edited ‎02-21-2020 03:54 PM

Hi guy,

I am new to Cisco discussions so welcome everyone. Can anyone help me please? I am having the following problems after establishing an IPSec VPN connection between a Cisco 877 router and Cisco VPN client:

1. I can't ping outside global IP addresses through the router,

2. I can't ping outside global IP addresses through local gateway after enabling split-tunneling on the router,

3. The IP address on the vpn client does not equal to the default gateway IP address being assigned from the local pool on the router. Should they not be the same?

I am posting relevant parts of the router config. Please ask me for more details and suggest some solution to my problem.

Thanks and best regards,

Remy

Labels:
Preview file
2 KB
0 Helpful
5 Replies 5

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-20-2008 10:28 PM

try to remove the following line

do:

no crypto isakmp client configuration address-pool local ipPool

0 Helpful

remi-reszka
Level 1
Level 1
In response to Marwan ALshawi

‎08-21-2008 05:30 AM

Hi marwanshawi,

Thanks for your reply. I will try it right away but by removing the above line I won't prevent clients from getting their IP addresses from the ipPool?

Thanks

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to remi-reszka

‎08-21-2008 06:34 AM

they will take through

crypto isakmp client configuration group remote_users

key xxxxxxxxx

dns xxxxxxx

pool ipPool

where pool mean the ip pool address

0 Helpful

remi-reszka
Level 1
Level 1
In response to Marwan ALshawi

‎08-21-2008 06:52 AM

cool. I'll let you know the results as soon as I test it. Thanks very much.

0 Helpful

remi-reszka
Level 1
Level 1
In response to Marwan ALshawi

‎08-21-2008 08:38 AM

Hi marwanshawi,

I tried your suggestions and it did not helped. I can still ping private addresses behind the router (VPN server) however unable to ping global outside IP addresses. When I try to ping FQDN it seems like it's being resolved but no responses from destinations. Do I need to modify ACL on the outside interface for the ipPool (I did however but no help).

Thanks in advance for all suggestions.

Remi

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents