cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1313
Views
0
Helpful
6
Replies

867 as EasyVPN Server: Intermittent client connectivity

I have a rather peculiar issue with one particular router I'm using as an EasyVPN server.

The clients have no problem connecting to the router. The Cisco VPN Client connects without issue, and without fail every time.

HOWEVER

This does not mean that the client can get to the server, which is located behind the router they are connecting to.

They might be able to. They might not! It seems to vary randomly. Sometimes the client will connect, and the server will be accessible. Othertimes the client will connect and it will not be.

Now, doing some very preliminary testing, I am ALWAYS able to ping the LAN interface on the router once the tunnel is up. However, I may or may not be able to ping the server.

Yesterday for example, the connection came up. I was able to ping an IP on the LAN of 192.168.0.9. The router is 192.168.0.15, which I could, as mentioned above, ping without issue as well. However, the server, which is 192.168.0.1, was not accessible. After a couple disconnects/reconnects of the VPN client, I could ping 192.168.0.1 (and 192.168.0.15) and so I could get to the server no problem.... However I could no longer ping 192.168.0.9.

It almost feels "subnetty", but there is nothing defined on the router that should cause this issue as far as I can tell. Clients are assigned an IP in the range of 10.10.10.5 to 10.10.10.15 on a loopback with IP 10.10.10.1.

1 Accepted Solution

Accepted Solutions

Any specific reason why the pool overlaps with the loopback? being a virtual interface should not make a difference on where traffic is sent, however CEF sometimes plays strange games.

If it is not too much to ask, can you disable that loopack?

View solution in original post

6 Replies 6

Ivan Martinon
Level 7
Level 7

Christopher,

Are you stating that the clients get an ip address with a range that is already used on a loopback interface? can you clarify this? what is the netmask that the loopback has and what type of EZVPN setup do you have on your router?

Ivan:

that is correct. I have a loopback (loopback0) defined with 10.10.10.0 255.255.255.0

The clients get an IP from the pool "ip local pool VPNPool 10.10.10.5 10.10.10.15"

Any specific reason why the pool overlaps with the loopback? being a virtual interface should not make a difference on where traffic is sent, however CEF sometimes plays strange games.

If it is not too much to ask, can you disable that loopack?

Sure. You mean disable as in "shut" or disable as in removing the ip config from the interface and see if that fixes it?

Ivan Martinon
Level 7
Level 7

Shutting it down should remove the directly connected network, so give it a try to that.

I've gone ahead and removed the ip information from the loopback. Will let you know if that solves it. As it stands, both clients have connected without issue right now. That's a good sign!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: