
cisco ipsec vpn client won't route beyond terminating router

etechexperts
Level 1

I'm currently having major issues getting an IPsec VPN client to work properly on an IOS router. The VPN client will connect and I can ping any interface that is on the router itself. However, I cannot communicate with anything beyond the router. I have completely removed the VPN config and rebuilt it several times. I've checked ACLs and routing. I'm not sure what the issue is here.

Per CDP the LAN layout is:

vpn client ----- Internet ---- 2851 VPN router --- csw02 ---- csw01 --- Server we need to reach (172.18.0.38)


VPN client Pool: 10.1.8.0 /24
2851 VPN Router 172.18.3.1 vlan 13
cssw02 172.18.3.230 vlan 13
cssw02 172.18.3.254 vlan 13

 

The trunks between the switches are DOT1Q with Vlan 13 native (172.18.3.0 /24 subnet).

 

Once the VPN client connects, I receive an IP of 10.1.8.10, then I can ping the router at 172.18.3.1 or any other subinterface on the router. I cannot ping beyond the router. Pings to the server on cssw01 at 172.18.0.38 fail. Pings to any SVI on the switches fail. A look in the statistics of the Cisco VPN client shows the correct secured route. I am attaching sanitized configs. I appreciate any help with this. Thank you!

17 Replies

Can you attach please a quick drawing of your network?

For .3.254 it looks OK, but not for the 0.254.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

The strange thing is that even though .3.254 looks good in Wireshark, the VPN client does not receive the ICMP replies, even when testing from different networks and hot spots.

I upgraded the IOS on the 2851 router yesterday and it made no difference. I also tried IPsec over TCP port 10000 and it didn't work.

 

network.png

 

I really need some assistance with this. Anyone?

 

Update: I updated the IOS on the router and the switches - still nothing.

I moved the gateway of 172.18.3.254 from the switch to the router - still nothing.

I tried a different router - VPN would connect, still could not reach 172.18.0.38.