12-17-2007 03:59 PM - edited 03-09-2019 07:39 PM
I set up an ezvpn server on a 2811 (12.4) but can't ping the router's default gateway when tunneled to it. Everything else seems to be working correctly. In Windows, ipconfig shows the default gateway is the same as my pool address which I thought was the issue but from reading other posts, that appears to be correct? So why doesn't the tunnel use the 2811's default gateway? Also, I started with the local pool in the same network as fa0/0 then changed it. That didn't help.
All AAA is local...
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp client configuration group jailbreak
 key xxxxxxxx
 dns xxxxxxxx
 domain x.com
 pool client_pool_1
 max-users 2
crypto isakmp profile ike-profile-1
 match identity group jailbreak
 client authentication list vpn_xauth
 isakmp authorization list vpn_group
 client configuration address respond
 keepalive 30 retry 5
 virtual-template 1
crypto ipsec transform-set AES_256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSec_Profile1
 set security-association idle-time 3600
 set transform-set AES_256
 set isakmp-profile ike-profile-1
interface FastEthernet0/0
 description To lab-gw
 ip address x.x.159.210 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 no mop enabled
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSec_Profile1
!
ip local pool client_pool_1 x.x.159.213 x.x.159.214
ip route 0.0.0.0 0.0.0.0 x.x.159.209
Thank you for the help,
-Mike
12-18-2007 03:28 PM
I'm having the exact same issue with this new "Enhanced VPN Server". Only difference is I mapped my Virtual-Template interface to a loopback interface (for inside NAT) which acts as my default gateway for any VPN connection. My SSLVPN works just fine however, but Remote Access just won't play nice. I've posted a separate message myself and I've attached my config to that message. Maybe something in my config can help you??? Just a thought...
12-19-2007 11:24 AM
I thought I read somewhere that your pool shouldn't be in the same network as your interface address, not positive though. It might be worth a shot to change that. Other than that, nothing stood out.
12-19-2007 01:23 PM
I tried a different IP address on the Loopback interface and lost all SSLVPN connectivity. I could not establish a tunnel. I would think you NEED an IP Address in the same network as the pool to act as the default gateway for the VPN.
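Added example, not written by any poster in this thread: Python that reads an IOS config and reports whether each `ip local pool` range and the default route's next hop fall inside a connected interface subnet, which is the relationship the replies above debate. The sample config is constructed from the layout and last octets of the first post, with the redacted `x.x.159` prefix replaced by `198.51.100` and assumed identical on every line; `pool_report` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: the layout and last octets of the posted config, with the
# redacted "x.x.159" prefix replaced by 198.51.100 (an assumption).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 198.51.100.210 255.255.255.252
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
ip local pool client_pool_1 198.51.100.213 198.51.100.214
ip route 0.0.0.0 0.0.0.0 198.51.100.209
"""

def pool_report(config):
    """Relate each 'ip local pool' and default next hop to connected subnets."""
    ifaces, pools, hops, current = {}, [], [], None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs pasted without indentation
        if m := re.fullmatch(r"interface (\S+).*", line):
            current = m[1]
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and current:
            # ipaddress accepts the dotted netmask form used by IOS
            ifaces[current] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"ip local pool (\S+) (\S+) (\S+)", line):
            pools.append((m[1], ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])))
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            hops.append(ipaddress.ip_address(m[1]))

    def connected(addr):
        # Names of interfaces whose configured subnet contains addr.
        return [n for n, i in ifaces.items() if addr in i.network]

    return {
        "subnets": {n: str(i.network) for n, i in ifaces.items()},
        # Interfaces whose subnet contains the first or last pool address.
        "pools": {n: sorted(set(connected(a) + connected(b))) for n, a, b in pools},
        # Interfaces on which each default-route next hop is directly connected.
        "default_next_hop": {str(h): connected(h) for h in hops},
    }

if __name__ == "__main__":
    for key, value in pool_report(SAMPLE_CONFIG).items():
        print(key, value)
```

An empty list under `pools` means the pool range lies outside every configured interface subnet; a populated list names the interface subnet the pool overlaps.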