05-29-2003 08:09 AM - edited 02-21-2020 12:34 PM
Hi, I installed a 3000 Concentrator for remote access clients for a customer. When I initiate a VPN session to the 3000 over dial-up, all is well. I can access all internal LAN resources.
Now, when I initiate a session from home (behind a firewall) over a DSL connection, I can establish a session to the 3000 and I receive an IP address from the pool, but I am not able to ping anything on the internal LAN. I know that it is not a config issue on my firewall because I am able to initiate VPN sessions to other customers' 3000 Concentrators and access all internal LAN resources.
I'm stumped! Any ideas?
Thanks in Advance!
TV
05-29-2003 11:17 AM
Do you have a Switch on the internal network or an RSM? If so, you need to set a route from your network out the VPN's internal address.
05-29-2003 01:05 PM
Yes, the customer has a 6509 w/ MSFC set as the tunnel default gateway. We added a static route to the VPN Client pool/subnet w/ next hop of the 3000's private interface.
Everything works great when the VPN client connects to the internet via dial-up. I just can't figure out why things do not work from a home DSL connection behind a firewall.
05-29-2003 11:58 AM
Do you have UDP 10000 enabled on the Client and the Concentrator for the non-working scenario?
05-29-2003 01:49 PM
I enabled "Use IPSec over TCP (NAT/PAT/Firewall)", TCP port 1000, and that solved my problem. This is the first time I have run into this problem after doing a number of VPN Concentrator installs. I wonder if it is related to the software rev on the concentrator? This particular concentrator is the only one that I have configured using 4.0.1. The others were older (3.5.2 rev).
Nevertheless, thank you very much for providing me with the fix!
TV