Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote Access VPN

concentrator is connected with core switch and server is also connected in core switch.

InterVLN routing is working fine. server and conncentrator is able to reach other via core switch.

concentrator private Ip address


Core switch Ip address is

Client is able to connect without any problem, but client not able to ping or connect with any network device.

In VPN session i can see bytes send and receive. My LAN-2-LAN tunnles are working fine without any problem.

No firewall involoved in the path between the concentrator and desired server

Both connected on same switch but different VLAN. Inter VLAN routing is working and both are able to ping.

ONly remote access client is not able to reach anywhere.

Core switch routing table

ip route

ip route

ip route

ip route

ip route

Concentrator routing table via via via via via

Split tunnel is enable for


Re: Remote Access VPN

Hi, Im trying to dicypher your ip scheme and Im seeing something odd,

"ONly remote access client is not able to reach anywhere."

you are using for your vpn pool network with a 29bit mask, at least this is what your description entails , this network allows for a range of 8 addresses from 128 to 135, the is the network addresss therefore it cannot be used for assigning it to any host, and 135 is broadcast address.


New Member

Re: Remote Access VPN is the pool that is defined on the vpn concentrator, client Ip start from

client gets the ip and still not able to reach the internal network. my site to site vpn are working fine, only problem with remote access vpn.

Re: Remote Access VPN

On the concentrator in your vpn tunnel group for RA clients , under Client config tab do you have IPsec over UDP checked on, as well as IPec over udp port 1000, this is asuming clients are using default Ipsec over UDP port 1000 in their client settings.

You may also need to enable NAT-transparency under Tunneling Protocol\IPsec\NAT Transparency (Ipsec over NAT-T).

New Member

Re: Remote Access VPN

my dear there is no firewall or NAT device between the client and server, it is simply conncentrator that is connected with switch, and server is also connected with that switch.