Hi,

i configured a cisco ios router 871 - Adv IPservices Version 12.4(24)T8 with a dual wan configuration and ipsec ras vpn.

Everything works perfect, expect RAS IPSEC VPN.

a global policy route map is configured:

ip local policy route-map vpn-access

...

ip access-list extended vpn
 permit udp host [vpn-traffic-wan-interface-ip] eq isakmp any
 permit tcp host [vpn-traffic-wan-interface-ip] eq 10000 any
 permit esp host [vpn-traffic-wan-interface-ip] any
 permit udp host [vpn-traffic-wan-interface-ip] eq non500-isakmp any

........

route-map vpn-access permit 10
 match ip address wpn
 match interface FastEthernet4
 set ip next-hop [vpn-traffic-wan-interface-gw]

two default routes, the one for vpn-traffic with a higher metric.

The vpn client connects to the router, traffic from vpn client to the remote net arrives, but the reverse not.

I created a virtual template with a policy route-map, so that the vpn net is forced to be routed outside the vpn-traffic-wan-interface,i also configured a default route for the vpn-client-net outside to vpn-traffic-wan-interface-gw

If i delete the primary default route (lower metric than vpn-traffic route) everything works as expected.

My next step would be a packet capture on the router to check how the traffic flows (it seems that the reverse traffic passes the lower metric route)

Where is the mistake, i'm quite sure that i configured a working scenario the same way before, unfortunately i'm not able to verify it (config lost)

Thanks