We are in the porcess of creating an Easy VPN Server on a 3825 and deploying Cisco VPN Client 5.0.07.0290 32bit on XP machines and 64bit on WIn 7 64bit machines.
Our first install of the client is on a Win 7 64bit machine.
The client connects to the Easy VPN Server without problems, however, after it connects we are unable to access any of the networks at the business site. The client reports the following error in the log:
375 21:37:23.975 02/24/11 Sev=Warning/2 CVPND/0xE3400013 AddRoute failed to add a route with metric of 0: code 160 Destination 192.168.200.0 Netmask 255.255.255.0 Gateway 192.168.120.1 Interface 192.168.120.232
are you trying to add a route to a network across the VPN? If so that might be the issue. You can configure on your VPN Server split tunneling defining the networks that the VPN clients could connect using the VPN tunnel. Those networks will get inyected to the client after the connection get established.
we are trying to configure VPN access for Cisco VPN Clients to multiple enterprise networks. The client is on my home network 192.168.200.0/24 and connects via standard ADSL2+ modem to an ISP. This is what other employees will have at home, and except for the IP address range, all wil be same.
We want to configure the client to use the tunnel to access multiple enterprise networks which also have address in the 192.168.x.x range. I think the best way to explain our scenario is to post the Easy VPN Configuration. Here it is:
! crypto isakmp client configuration group Employee dns 192.168.20.xxx domain wsn.prolancer.com.au pool VpnIpPool acl VpnSplitAcl firewall are-u-there split-dns prolancer.com.au split-dns in.prolancer.com.au max-logins 1 !
ip local pool VpnIpPool 192.168.120.200 192.168.120.253
! ip access-list extended VpnSplitAcl permit ip 192.168.10.0 0.0.0.255 any permit ip 192.168.20.0 0.0.0.255 any
<- few more networks here -> deny ip any any !
When the client connects, we see Secured Routes to all networks in the VpnSplitAcl. However, these routes do not apper in the Win 7 routing table as you can see from the previous post.
I tried the 32 bit version of the client on a WIn XP machine as well. We get the same problem with it not being able to add a route, except the client is trying to add the route with metric 20 (instead of metric 0 on Win 7) and the error code reported is 87 (instead of 160 on Win 7).
I can provide more information, just do not know what is relevant.
It was basically incorrect split tunnel configuration on the Cisco router. I cannot recall what exactly was wrong, but I remember that my interpretation of the information in the Cisco manuals was incorrect (English being my 2nd language and all). As a result, I had incorrect configuration. A colegue of mine put me on the right track by explaining what the manual says.
So make sure yor ezvpn configuration is correct (split tunneling in particular) and double check it with what the manuals say.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :