01-05-2011 08:06 AM
I have a rather peculiar issue with one particular router I'm using as an EasyVPN server.
The clients have no problem connecting to the router. The Cisco VPN Client connects without issue, and without fail every time.
HOWEVER
This does not mean that the client can get to the server, which is located behind the router they are connecting to.
They might be able to. They might not! It seems to vary randomly. Sometimes the client will connect, and the server will be accessible. Other times the client will connect and it will not be.
Now, doing some very preliminary testing, I am ALWAYS able to ping the LAN interface on the router once the tunnel is up. However, I may or may not be able to ping the server.
Yesterday for example, the connection came up. I was able to ping an IP on the LAN of 192.168.0.9. The router is 192.168.0.15, which I could, as mentioned above, ping without issue as well. However, the server, which is 192.168.0.1, was not accessible. After a couple disconnects/reconnects of the VPN client, I could ping 192.168.0.1 (and 192.168.0.15) and so I could get to the server no problem.... However I could no longer ping 192.168.0.9.
It almost feels "subnetty", but there is nothing defined on the router that should cause this issue as far as I can tell. Clients are assigned an IP in the range of 10.10.10.5 to 10.10.10.15 on a loopback with IP 10.10.10.1.
01-05-2011 09:48 AM
Christopher,
Are you stating that the clients get an IP address with a range that is already used on a loopback interface? Can you clarify this? What is the netmask that the loopback has, and what type of EZVPN setup do you have on your router?
01-05-2011 10:13 AM
Ivan:
That is correct. I have a loopback (loopback0) defined with 10.10.10.0 255.255.255.0
The clients get an IP from the pool "ip local pool VPNPool 10.10.10.5 10.10.10.15"
01-05-2011 10:17 AM
Any specific reason why the pool overlaps with the loopback? Being a virtual interface should not make a difference on where traffic is sent; however, CEF sometimes plays strange games.
If it is not too much to ask, can you disable that loopback?
01-05-2011 10:26 AM
Sure. You mean disable as in "shut" or disable as in removing the ip config from the interface and see if that fixes it?
01-05-2011 10:28 AM
Shutting it down should remove the directly connected network, so give that a try.
01-05-2011 10:46 AM
I've gone ahead and removed the ip information from the loopback. Will let you know if that solves it. As it stands, both clients have connected without issue right now. That's a good sign!
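An added example, not part of any post in this thread: a Python check that flags an `ip local pool` range falling inside the connected subnet of an interface that is not shut down, which is the overlap discussed above. The sample config is constructed from the addresses quoted in the thread; the LAN interface name, its /24 mask, and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the addressing quoted in the thread.
# The LAN interface name and mask are assumptions.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.0.15 255.255.255.0
!
ip local pool VPNPool 10.10.10.5 10.10.10.15
"""

def parse_interfaces(config):
    """Return {name: {"addrs": [IPv4Interface], "shut": bool}}."""
    result, name = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            name = m.group(1)
            result[name] = {"addrs": [], "shut": False}
        elif line and not line.startswith(" "):
            name = None  # any unindented line ends the interface block
        elif name and (m := re.match(r"\s+ip address (\d\S+) (\d\S+)", line)):
            result[name]["addrs"].append(
                ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
        elif name and line.strip() == "shutdown":
            result[name]["shut"] = True
    return result

def parse_pools(config):
    """Return {pool_name: (first_address, last_address)}."""
    pat = r"^ip local pool (\S+) (\S+) (\S+)\s*$"
    return {m.group(1): (ipaddress.ip_address(m.group(2)),
                         ipaddress.ip_address(m.group(3)))
            for m in re.finditer(pat, config, re.M)}

def find_overlaps(config):
    """List (pool, interface, subnet) where a pool range intersects a
    connected subnet of an interface that is not shut down."""
    hits = []
    interfaces = parse_interfaces(config)
    for pool, (lo, hi) in parse_pools(config).items():
        for ifname, info in interfaces.items():
            if info["shut"]:
                continue  # a shut interface contributes no connected route
            for iface in info["addrs"]:
                net = iface.network
                if lo <= net.broadcast_address and hi >= net.network_address:
                    hits.append((pool, ifname, str(net)))
    return sorted(hits)
```
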