Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5702
Views
5
Helpful
18
Replies

VPN not routing traffic

Go to solution
csferreira
Level 1
Level 1

‎03-02-2010 09:09 AM

Have a Cisco 3005 Concentrator and some users are not able to route traffic due to the gateway not being the same as the VPN interface.  The issue occurred after one of the groups was deleted from the 3005 device.  Users are able to connect but cannot reach the remote network.  When looking at "route print" the gateway shows a different IP address other than the Interface IP of the VPN virtual device.  Is there a way to force a change or clear out routes? Example;

  Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.10.5    172.20.10.122     20
         10.1.0.0    255.255.255.0      172.20.10.1     172.20.10.59    100
         10.2.0.0    255.255.255.0      172.20.10.1     172.20.10.59    100
     65.216.9.229  255.255.255.255      172.20.10.5    172.20.10.122    100
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link     172.20.10.122    296
  169.254.255.255  255.255.255.255         On-link     172.20.10.122    276
      172.20.10.0    255.255.255.0         On-link     172.20.10.122    276
      172.20.10.0    255.255.255.0         On-link      172.20.10.59    276
      172.20.10.0    255.255.255.0      172.20.10.1     172.20.10.59    100
      172.20.10.6  255.255.255.255         On-link     172.20.10.122    100
     172.20.10.59  255.255.255.255         On-link      172.20.10.59    276
    172.20.10.122  255.255.255.255         On-link     172.20.10.122    276
    172.20.10.122  255.255.255.255      172.20.10.1     172.20.10.59    276
    172.20.10.255  255.255.255.255         On-link     172.20.10.122    276
    172.20.10.255  255.255.255.255         On-link      172.20.10.59    276
    172.20.10.255  255.255.255.255      172.20.10.1     172.20.10.59    276
      172.20.11.0    255.255.255.0      172.20.10.1     172.20.10.59    100
      172.20.21.0    255.255.255.0      172.20.10.1     172.20.10.59    100
      172.20.31.0    255.255.255.0      172.20.10.1     172.20.10.59    100
      172.20.50.0    255.255.255.0      172.20.10.1     172.20.10.59    100
      172.20.51.0    255.255.255.0      172.20.10.1     172.20.10.59    100

Labels:
0 Helpful
18 Replies 18

Go to solution
Herbert Baerten
Cisco Employee
Cisco Employee
In response to slmansfield

‎03-03-2010 01:44 AM

Agree with the previous poster, check the backup of the config and compare the group settings.

Also: you say all users are using the same pool, but is it the same pool as before (when everything was working ok) ?

Can you also please get:

- "ipconfig -a" and  "route print" before and after connecting

- client logs at level 15 (make sure the client is not running, edit the vpnclient.ini file, set the log levels to 15, save the file, start the client, do not edit the log levels in the GUI)

0 Helpful

Go to solution
csferreira
Level 1
Level 1
In response to Herbert Baerten

‎03-03-2010 08:10 AM

Do not have the original config prior to the group be deleted.  I'm starting to think it's an issue of routing between the VPN Virtual adapter and the NIC since the user can connect and the issue is not widespread but only affecting a few users.  Will get the route print and ipconfig print outs later today and post.

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       20
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255     192.168.1.10    192.168.1.10       20
        224.0.0.0        240.0.0.0     192.168.1.10    192.168.1.10       20
  255.255.255.255  255.255.255.255     192.168.1.10    192.168.1.10       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:


Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10       20
         10.1.0.0    255.255.255.0     172.20.10.62    172.20.10.62       1
         10.2.0.0    255.255.255.0     172.20.10.62    172.20.10.62       1
     65.216.9.229  255.255.255.255      192.168.1.1    192.168.1.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      172.20.10.0    255.255.255.0     172.20.10.62    172.20.10.62       1
     172.20.10.62  255.255.255.255        127.0.0.1       127.0.0.1       20
      172.20.11.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.21.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.31.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.50.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.51.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.60.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.61.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.70.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.71.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.81.0    255.255.255.0     172.20.10.62    172.20.10.62       1
      172.20.91.0    255.255.255.0     172.20.10.62    172.20.10.62       1
   172.20.255.255  255.255.255.255     172.20.10.62    172.20.10.62       20
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       20
      192.168.1.1  255.255.255.255     192.168.1.10    192.168.1.10       1
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255     192.168.1.10    192.168.1.10       20
        224.0.0.0        240.0.0.0     172.20.10.62    172.20.10.62       20
        224.0.0.0        240.0.0.0     192.168.1.10    192.168.1.10       20
  255.255.255.255  255.255.255.255     172.20.10.62    172.20.10.62       1
  255.255.255.255  255.255.255.255     192.168.1.10    192.168.1.10       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\jmcclanahan>route print

0 Helpful

Go to solution
csferreira
Level 1
Level 1
In response to csferreira

‎03-09-2010 06:54 AM

Update: issue was related to NAT-T.  Not sure if something happend when the group was deleted but enabling NAT-T resolved the routing problem for the users who were not able to route traffic.

Go to solution
slmansfield
Level 4
Level 4
In response to csferreira

‎03-09-2010 11:50 AM

There are some group settings for NAT-T, so it makes sense that some clients had the problem but others didn't.  Good to know that another cause of a VPN client routing problem could be related to the absence of NAT-T.  I rated your answer.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents