Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IOS VPN Remote Access problems

Hi guy,

I am new to Cisco discussions so welcome everyone. Can anyone help me please? I am having the following problems after establishing an IPSec VPN connection between a Cisco 877 router and Cisco VPN client:

1. I can't ping outside global IP addresses through the router,

2. I can't ping outside global IP addresses through local gateway after enabling split-tunneling on the router,

3. The IP address on the vpn client does not equal to the default gateway IP address being assigned from the local pool on the router. Should they not be the same?

I am posting relevant parts of the router config. Please ask me for more details and suggest some solution to my problem.

Thanks and best regards,

Remy

5 REPLIES

Re: IOS VPN Remote Access problems

try to remove the following line

do:

no crypto isakmp client configuration address-pool local ipPool

New Member

Re: IOS VPN Remote Access problems

Hi marwanshawi,

Thanks for your reply. I will try it right away but by removing the above line I won't prevent clients from getting their IP addresses from the ipPool?

Thanks

Re: IOS VPN Remote Access problems

they will take through

crypto isakmp client configuration group remote_users

key xxxxxxxxx

dns xxxxxxx

pool ipPool

where pool mean the ip pool address

New Member

Re: IOS VPN Remote Access problems

cool. I'll let you know the results as soon as I test it. Thanks very much.

New Member

Re: IOS VPN Remote Access problems

Hi marwanshawi,

I tried your suggestions and it did not helped. I can still ping private addresses behind the router (VPN server) however unable to ping global outside IP addresses. When I try to ping FQDN it seems like it's being resolved but no responses from destinations. Do I need to modify ACL on the outside interface for the ipPool (I did however but no help).

Thanks in advance for all suggestions.

Remi

122
Views
0
Helpful
5
Replies
CreatePlease login to create content