Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
0
Helpful
2
Replies

IPSec tunnel works for router only

tato386
Level 6
Level 6

‎04-16-2005 01:15 PM - edited ‎02-21-2020 01:43 PM

I am using a 1711 to make a dynamic IPSec tunnel to a PIX firewall. The tunnel is established and traffic flows thru it but ONLY from the 1711 router. That is, the 1711 can ping and communicate with all hosts behind the PIX via the tunnel but none of the client PCs on the 1711's LAN can ping accross the tunnel. My setup is as follows:

- 192.168.3.1 ADSL modem/router from ISP getting dynamic public IP on DSL interface

- 192.168.3.2 1711 "WAN" interface (one armed router)

- 192.168.3.50-100 IPs of client PCs

The ADSL modem is the default GW for all PCs including the 1711. The ADSL has a static route for the remote network (192.168.1.0/24) via the 1711 at 192.168.3.2.

I am thinking of making the PCs default to the 1711 just to test but I don't think I should need to do this. Also, this would mean turning off DHCP on the ADSL modem/router and setting DHCP up on the 1711 which is pain.

Also, is it worth it to try to use some other interface on the 1711?

Thanks,

Diego

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎04-16-2005 01:55 PM

I suspect that the problem is that the PCs are ARPing for their default gateway at 192.168.3.1, and not getting an ARP response. So they can not get to anything outside.

I believe that it would work much better if the PC default gateway was the router interface at 192.168.3.2. This way the PC would ARP for its default gateway, the router would answer, the PC would send a packet to the router, and the router will forward to the ADSL modem.

Your last question is whether it is worth it to use some other interface on the 1711. What other interfaces do you have available? It is possible that if there were another interface available you could connect PCs on one interface, connect ADSL modem on another interface, configure ip helper-address on the PC interface which would point to the ADSL modem as the DHCP server.

HTH

Rick

HTH

Rick
0 Helpful

tato386
Level 6
Level 6
In response to Richard Burts

‎04-16-2005 03:48 PM

The router has a built-in 4 port switch. I can setup a VLAN1 IP for the switch ports. However I don't want to use two interfaces on the router because the ADSL modem also has wireless capability which would then have wireless clients on a different LAN than wired clients. Obviously doable but I want to keep things simple.

I think I will go with having the Cisco be the default GW and see what happens.

Thanks,

Diego

0 Helpful
Customers Also Viewed These Support Documents