Loopback Interface for Client to Site VPN termination
My project involves a SOHO 871 router connecting to a headend 3845 router over an unencrypted MPLS network for data communication. Client PCs behind the 871 router at the remote site need to enable the Cisco VPN client and connect to the headend 3845 so that they can access information behind the core 6506 switch.
To minimize the setup, I would like to prepare a single VPN profile for all remotes. Therefore, I plan to use the lo0 int for VPN termination. However, I found that when the VPN connection is up over the lo0 int, the remote client PC can "ping" lo0 only but cannot "ping" any other IP address. However, when I establish the connection to an interface IP address on the 3845 router, the connection is all OK.
I attached my config for VPN and the diagram. Can anyone help?
Re: Loopback Interface for Client to Site VPN termination
I tried your advice but it still does not work. Actually, "permit ip host 0.0.0.0 host 0.0.0.0 ...." is for tunnel-all but even if I removed the "ACL...." in the crypto setup. I inspected the VPN client stats in the Cisco VPN client.