Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2644
Views
0
Helpful
3
Replies

Problem with VPN routing

eladkertis
Level 1
Level 1

‎01-04-2005 04:37 AM

Hi,

I have a Cisco VPN concentrator 3005 and 2 routers that connect to the concentrator with VPN.

Lan-Router--vpn--Concentrator--vpn--Router2-LAN2

Computers from behind each router can reach the concentrator and computers connected directly to it, but they cannot reach other computers that are located behind the distant router.

Is there anything I might have missed that will allow the concentrator to pass traffic from one VPN to another?

Both routers do not work with any dynamic routing protocol, so I can't use RRI to do it.

I do know I can do it with a checkpoint FW-1 by defining a community.

Thanks

Elad

Labels:
0 Helpful
3 Replies 3

a-vazquez
Level 6
Level 6

‎01-10-2005 06:57 AM

You need to have an EzVPN tunnel between the routers. Refer to the following document for configuring the same.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml

0 Helpful

eladkertis
Level 1
Level 1
In response to a-vazquez

‎01-10-2005 11:00 PM

I'm afraid the routers I have that connect to the concentrator are not cisco's, so they don't support EzVPN.

Is there anything else I can do to enable VPN routing?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎01-10-2005 08:40 AM

It sounds to me like it is not an issue of the concentrator but is an issue of the remote router not having a route to the LAN behind the other router. You can verify that by posting the results of show ip route from each router. I suspect that you will find that if you ping from one router to the LAN address of the other router that it will fail. This would also proove that it is a routing problem on the routers.

You should be able to fix this by configuring static routes on each router to create a route to the remote LAN addresses. Or you could configure a default route on each router pointing to the concentrator as the next hop address.

You would also need to make sure that the concentrator has routes to the remote LANs. But if the PCs behind the router are able to successfully access the concentrator, then it sounds like the concentrator routes are ok.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents