01-26-2011 01:51 PM
Set up:
SR520 - Off Site - Static IP - Connected to main site with site-to-site VPN
UC540 - Main Site - Static IP
Problem:
Computer behind SR520 cannot browse internet.
More Info:
Up until this morning, this setup was working. Now, the tunnel is up (which verifies the internet connectivity), but nothing can reach the internet from behind the SR520. As a matter of fact, a ping from the SR520 external interface can reach the next hop, but nowhere else. This suggests a default route issue. When I do a Show IP Route on the console, I get:
SR520#Show IP Route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 192.168.75.0/24 is directly connected, Vlan75
S 192.168.10.0/24 is directly connected, Vlan75
66.0.0.0/32 is subnetted, 1 subnets
S 66.XXX.XXX.XXX [1/0] via 75.XXX.XXX.XXX - This is a static route back to our main site, which is probably why the VPN is working
10.0.0.0/32 is subnetted, 1 subnets
C 10.XXX.XXX.253 is directly connected, Loopback10000 - Main site IP address
75.0.0.0/30 is subnetted, 1 subnets
C 75.XXX.XXX.228 is directly connected, FastEthernet4 - WAN connection
S* 0.0.0.0/0 [1/0] via 0.0.0.0, Virtual-Access2
That last static route is the one that I don't understand. I would expect it to point at the next hop/default gateway for the SR520, but instead it points at the site-to-site virtual interface. I tried to change it, but then the VPN tunnel closed and I lost my connection to the SR520 and had to have the guy on site reboot the router.
Thanks in advance,
Brett.
01-27-2011 08:15 AM
Resolved my own issue.
It was a default route problem but the issue was on the server end of the tunnel, not the client. Somehow, split tunneling was turned off so all traffic was being routed through the tunnel. In addition, the server side of the tunnel was not allowing internet access to clients coming in via VPN. Result: No Internet Access.
Turned Split Tunneling back on and Voila, Internet access.
(I hate it when I am stupid).
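A check based on the routing table in this thread, added here as an example and not part of either post: it parses `show ip route` output and reports whether the default route leaves through a VPN virtual interface (split tunneling off) or through the local WAN. The function names and the list of tunnel interface prefixes are assumptions made for the example.

```python
import re

# Routing table from the first post (poster's masking kept, inline notes removed).
SAMPLE = """\
C 192.168.75.0/24 is directly connected, Vlan75
S 192.168.10.0/24 is directly connected, Vlan75
66.0.0.0/32 is subnetted, 1 subnets
S 66.XXX.XXX.XXX [1/0] via 75.XXX.XXX.XXX
10.0.0.0/32 is subnetted, 1 subnets
C 10.XXX.XXX.253 is directly connected, Loopback10000
75.0.0.0/30 is subnetted, 1 subnets
C 75.XXX.XXX.228 is directly connected, FastEthernet4
S* 0.0.0.0/0 [1/0] via 0.0.0.0, Virtual-Access2
"""

# Assumption: interface name prefixes treated as VPN tunnel interfaces.
TUNNEL_PREFIXES = ("Virtual-Access", "Virtual-Template", "Tunnel")

ROUTE = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9]*)\*?\s+(?P<prefix>\S+)"
    r"(?:\s+\[\d+/\d+\]\s+via\s+(?P<nexthop>[^,\s]+)(?:,\s*(?P<via_if>\S+))?"
    r"|\s+is directly connected,\s*(?P<conn_if>\S+))"
)

def parse_routes(text):
    """Return one dict per route line; headers and 'is subnetted' lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if m:
            routes.append({"code": m["code"], "prefix": m["prefix"],
                           "nexthop": m["nexthop"],
                           "interface": m["via_if"] or m["conn_if"]})
    return routes

def assess_default_route(text):
    """Classify where Internet-bound traffic leaves the router."""
    routes = parse_routes(text)
    is_tunnel = lambda r: (r["interface"] or "").startswith(TUNNEL_PREFIXES)
    default = next((r for r in routes if r["prefix"] == "0.0.0.0/0"), None)
    if default is None:
        mode = "no-default-route"
    else:
        mode = "full-tunnel" if is_tunnel(default) else "local-breakout"
    # Static routes via a next hop outside the tunnel, such as the route to the
    # main site that the poster's note credits for the VPN still working.
    pinned = [r["prefix"] for r in routes if r["code"] == "S" and r["nexthop"]
              and r is not default and not is_tunnel(r)]
    return {"mode": mode, "pinned": pinned,
            "default_interface": default["interface"] if default else None}
```

A `full-tunnel` result matches the situation resolved above: all client traffic goes to the server end of the tunnel, so Internet access works only if that end allows it or split tunneling is turned back on.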