I'm currently having major issues getting an IPsec VPN client to work properly on an IOS router. The VPN client will connect and I can ping any interface that is on the router itself. However, I cannot communicate with anything beyond the router. I have completely removed the VPN config and rebuilt it several times. I've checked ACLs and routing. I'm not sure what the issue is here.
Per CDP the LAN layout is:
vpn client ----- Internet ---- 2851 VPN router --- csw02 ---- csw01 --- Server we need to reach (172.18.0.38)
VPN client Pool: 10.1.8.0 /24
2851 VPN Router 172.18.3.1 vlan 13
cssw02 172.18.3.230 vlan 13
cssw02 172.18.3.254 vlan 13
The trunks between the switches are DOT1Q with Vlan 13 native (172.18.3.0 /24 subnet).
Once the VPN client connects, I receive an IP of 10.1.8.10, then I can ping the router at 172.18.3.1 or any other subinterface on the router. I cannot ping beyond the router. Pings to the server on cssw01 at 172.18.0.38 fail. Pings to any SVI on the switches fail. A look in the statistics of the Cisco VPN client shows the correct secured route. I am attaching sanitized configs. I appreciate any help with this. Thank you!
The strange thing is that even though .3.254 looks good in Wireshark, the VPN client does not receive the ICMP replies, even when testing from different networks and hot spots.
I upgraded the IOS on the 2851 router yesterday and it made no difference. I also tried IPsec over TCP port 10000 and it didn't work.
I really need some assistance with this. Anyone???
Update: I updated the IOS on the router and the switches - still nothing.
I moved the gateway of 172.18.3.254 from the switch to the router. - still nothing.
I tried a different router - vpn would connect, still could not reach 172.18.0.38.
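The symptom pattern above (the router's own interfaces answer, but nothing past the router does, and Wireshark sees the reply reach the 172.18.3.254 gateway without the client ever getting it) is the classic profile of a broken return path for the VPN pool: either the downstream devices have no route for 10.1.8.0/24 pointing back at the VPN router, or the router's NAT rule rewrites the traffic before it is encrypted. The following is an added set of IOS checks and the two configuration patterns that address those causes; it is not the poster's configuration and not an answer from the thread. It reuses only the addresses given in the post (10.1.8.0/24 pool, 172.18.3.1 router, 172.18.3.254 gateway, 172.18.0.38 server); the interface name GigabitEthernet0/0, the ACL name NAT-EXEMPT, and the dynamic-map name DYNMAP are placeholders.

```cisco
! --- 1. Confirm the tunnel is actually passing traffic in both directions ---
! Encaps rising but decaps flat means packets leave the router but replies never come back.
show crypto isakmp sa
show crypto ipsec sa | include pkts encaps|pkts decaps|local ident|remote ident

! --- 2. Does the VPN router know the pool, and does the switch know how to get back to it? ---
! On the 2851 the pool should show up (via RRI or a static) as reachable through the tunnel.
show ip route 10.1.8.0 255.255.255.0
! On csw01 / csw02 (any device that routes for 172.18.x.x), the reply to a client must
! resolve to 172.18.3.1. A "% Subnet not in table" here is the return-path problem.
show ip route 10.1.8.10

! --- 3. Is NAT rewriting the client traffic before encryption? ---
! Any translation whose inside address is 172.18.x.x and outside is 10.1.8.x means the
! VPN traffic is being PAT'd and the crypto ACL no longer matches the reply.
show ip nat translations | include 10.1.8.
show access-lists

! --- Fix pattern A: give the LAN a route back to the pool (on csw01/csw02 if they route) ---
ip route 10.1.8.0 255.255.255.0 172.18.3.1

! --- Fix pattern B: exempt VPN traffic from NAT on the 2851 (placeholder names) ---
ip access-list extended NAT-EXEMPT
 deny   ip 172.18.0.0 0.0.255.255 10.1.8.0 0.0.0.255
 permit ip 172.18.0.0 0.0.255.255 any
ip nat inside source list NAT-EXEMPT interface GigabitEthernet0/0 overload

! --- Optional: let the router inject the pool route itself so it is in its table ---
crypto dynamic-map DYNMAP 10
 reverse-route
```

The order matters: run the `show` commands first so the fix is tied to evidence rather than applied blindly. Pattern A only helps if the switches route (an SVI with a different gateway than the router); if the router is the only gateway, as after the poster moved .3.254 onto it, Pattern B and the NAT translation table are the more likely place to look, since a hit in `show ip nat translations` for a 10.1.8.x address is conclusive.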