Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
982
Views
0
Helpful
4
Replies

VPN connection

c
Level 1
Level 1

‎01-18-2005 06:06 AM - edited ‎02-20-2020 11:52 PM

Hello,

My vpn connection works but I don't have access to the network. The only thing I can ping for instance is the VPN router (192.168.2.252). Other servers or touters are not found. If I do a ping from the vpn router directly, I can ping everything on the network.

I assume I have to configure a route to the internal network range ?

Thanks,

Gunther.

0 Helpful
4 Replies 4

sachinraja
Level 9
Level 9

‎01-19-2005 02:36 AM

Hi Gunther,

Make sure you have a route to the inside network on the VPN device if it is on a different network. routing is a normal problem for cases like yours. another thing which you can look is see if there are any access-lists on the inside, which blocks traffic to your network. make sure you can see or ping the inside server after connecting on VPN. make sure the inside server knows how to reach the IP pool of the VPN device.

all the best..

Raj

0 Helpful

drumrb0y
Level 1
Level 1
In response to sachinraja

‎03-11-2005 06:35 PM

Gunther, Raj;

Thanks for letting me put in my two cents; I have the exact same issue, but my case involves software VPN Client logins to a 1710 router.

Raj, would I be correct in taking from your advice, that I could achieve connectivity through the VPN tunnel by creating a static route to the network that contains the IP pool range for the dynamic clients?

If there is an access-list that requires a permit statement for the pool IP range, should it be on the outside interface access-list inbound from VPN clients, on the inside access-list outbound from the network, or both?

0 Helpful

c
Level 1
Level 1
In response to drumrb0y

‎03-11-2005 11:15 PM

Hello,

This was the solution for my problem, create a route to the IOP Pool range. Give the IP pool a different ip range, easier to work with. I gave it the same and so didn't notice the acces problem.

For instance network 192.1682.2.xxx and vpn pool 192.168.3.xxx . Then create static route to 192.168.3.xxx

0 Helpful

drumrb0y
Level 1
Level 1
In response to c

‎03-13-2005 08:25 PM

Thanks for the reply;

I had a feeling that was the solution...but what would the 'next hop' be for a VLAN (which is where the VPN IP pool resides)?

Should the route statement read:

ip route xx.xx.xx.xx vlan [nn] ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card