
cisco ipsec vpn client won't route beyond terminating router

I'm currently having major issues getting an IPSEC VPN client to work properly on an IOS router. The VPN client will connect and I can ping any interface that is on the router itself. However, I cannot communicate with anything beyond the router. I have completely removed the VPN config and rebuilt it several times. I've checked ACLs and routing. I'm not sure what the issue is here.

Per CDP the LAN layout is:

vpn client ----- Internet ---- 2851 VPN router --- csw02 ---- csw01 --- Server we need to reach (

VPN client Pool: /24
2851 VPN Router vlan 13
cssw02 vlan 13
cssw02 vlan 13


The trunks between the switches are DOT1Q with Vlan 13 native ( /24 subnet).


Once the VPN client connects, I receive an IP of, then I can ping the router at or any other subinterface on the router. I cannot ping beyond the router. Pings to the server on cssw01 at fail. Pings to any SVI on the switches fail. A look in the statistics of the Cisco VPN client shows the correct secured route. I am attaching sanitized configs. I appreciate any help with this. Thank you!


Can you attach please a quick drawing of your network?

For .3.254 it looks OK, but for the 0.254 it does not.

PS: Please don't forget to rate and select as validated answer if this answered your question

The strange thing is that even though .3.254 looks good in Wireshark, the VPN client does not receive the ICMP replies, even when testing from different networks and hot spots.

I upgraded the IOS on the 2851 router yesterday and it made no difference.  I also tried IPSEC over TCP port 10000 and it didn't work.




I really need some assistance with this.  Anyone???


Update:  I updated the IOS on the router and the switches - still nothing.

I moved the gateway of from the switch to the router. - still nothing.

I tried a different router - vpn would connect, still could not reach







