Hello,
I use a VPN3000 with one connection group and an ACS server for user authentication (with RADIUS). There are two groups configured in ACS with different IP pools (10.20.1.x and 10.20.2.x). The private interface of the VPN3000 is configured with 10.7.2.1 and is connected to a 3550.
If a VPN client connects to the concentrator and gets a 10.20.x.y IP, he can't ping the switch.
If I configure a 'test user' to get a 10.7.2.x IP, I can ping the whole network...
I configured the 3550 port with:
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 8
interface vlan 8
 ip address 10.7.2.254 255.255.255.0
 ip address 10.20.1.254 255.255.255.0 secondary
 ip address 10.20.2.254 255.255.255.0 secondary
and on the VPN3000, the default gateway is 10.7.2.254 and the tunnel gateway is 10.7.2.254.
I then want to have a VLAN for each IP pool configured in ACS...
Could anyone help me resolve this trouble?
Thank you