
Cisco Remote Access VPN via Different ISPs

Hi There

I have a Cisco ASA 5520 Firewall that acts as a VPN Server. The Cisco Remote Access VPN (using Cisco VPN client software) has been working fine for many years now. However, lately, I've been informed that if the remote users connect to the VPN Server via ISP-A, everything works fine, but if they connect via ISP-B, everything works fine up to the authentication portion and the remote user is able to grab a dynamic DHCP pool IP from the VPN Server, but after that, nothing works anymore, e.g. they are unable to PING any devices in the private LAN or even access any servers in the private LAN.

I suspect this problem is because when a remote user first connects to ISP-B, ISP-B provides a dynamic IP to the remote user which conflicts or overlaps with the private LAN. For this reason, remote users are unable to PING any devices in the private LAN or even access any servers in the private LAN.

Can this issue be resolved? Please kindly advise.

Regards,

Ram

Warm regards,
Ramraj Sivagnanam Sivajanam
2 Replies 2

Hi There

Just to add on, shown below is what I saw

ISP-B gives a dynamic IP Address 10.145.140.134/32

After the authentication is successful, the VPN Server gives a dynamic IP Address 10.208.111.2/8

The private LAN network address is 10.208.0.0/16

Could the dynamic IP address provided by ISP-B conflict/overlap with the dynamic IP Address given by the VPN Server?

Regards,

Ram

Warm regards,
Ramraj Sivagnanam Sivajanam
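
An overlap check for the three addresses quoted in the post above, as an added example that is not part of the original thread. The labels and function names are hypothetical, and the /16 variant at the end is a constructed comparison, not a value from the thread.

```python
import ipaddress
from itertools import combinations

# Addresses exactly as quoted in the post; the labels are added for this example.
QUOTED = {
    "isp_b_client": "10.145.140.134/32",
    "vpn_assigned": "10.208.111.2/8",
    "private_lan": "10.208.0.0/16",
}


def on_link_network(cidr):
    """Network that an interface with this address/mask treats as directly reachable."""
    return ipaddress.ip_interface(cidr).network


def find_overlaps(addresses):
    """Return (label_a, label_b, relation) for every pair of overlapping networks."""
    nets = {label: on_link_network(cidr) for label, cidr in addresses.items()}
    results = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if not net_a.overlaps(net_b):
            continue
        # CIDR blocks that overlap are always equal or nested.
        if net_a == net_b:
            relation = "identical"
        elif net_a.subnet_of(net_b):
            relation = f"{a} inside {b}"
        else:
            relation = f"{b} inside {a}"
        results.append((a, b, relation))
    return results


if __name__ == "__main__":
    print("As quoted:")
    for row in find_overlaps(QUOTED):
        print("  ", row)
    # Constructed variant: same VPN address, but with the private LAN's /16 mask.
    variant = dict(QUOTED, vpn_assigned="10.208.111.2/16")
    print("With a /16 mask on the VPN-assigned address (constructed):")
    for row in find_overlaps(variant):
        print("  ", row)
```

The ISP-B address does not fall inside the private LAN 10.208.0.0/16; it overlaps only with the 10.0.0.0/8 network implied by the /8 mask on the VPN-assigned address.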

From: Vikas Grover [mailto:vigrover@cisco.com]
Sent: Wednesday, June 15, 2011 3:44 AM
To: Ramraj Sivagnanam (AP)
Subject: SR 618038027 - Troubleshoot Remote Access VPN - 4565789-2

Hi Ram,

I think last time during the troubleshooting session we were using a 3G data card. The Cisco IPsec VPN client has some issues with 3G data cards, i.e. it doesn’t work well. There is a bug ID: CSCsf10635

Workaround:

Some customers have had positive results by setting the following parameter in the VPN Client profile:

ForceNatT=1

However, this doesn't work in all situations. Please try to follow the above workaround and see if we are able to connect.

Thanks & Regards,

Vikas Grover
Cisco TAC Engineer - (VPN)
Cisco Systems Inc.

Warm regards,
Ramraj Sivagnanam Sivajanam