
Unable to connect to Cisco VPN using secondary ISP Line

sagarshaha
Level 1

Hi,

We are using Cisco VPN Client 5.0.07.0290 to connect to our servers. We have a Sonicwall NSA2400 FW and we have 2 ISPs. We have configured the load balancing on the firewall in 'Spill-Over' mode.

So whenever the 1st ISP line is on full load, it will automatically move the users to the 2nd line.

The problem we are facing here is that users who get an IP from the 1st ISP line are able to connect to the Cisco VPN client smoothly, but users who get an IP from the 2nd ISP line are not able to connect to the Cisco VPN client. This is really annoying as everyone should be able to connect.

It would be really great if someone could help me with this.

Thanks

PS: If we swap the lines on the Sonicwall, the vice-versa scenario happens as mentioned above.

Accepted Solutions

srikanth ath
Level 4

Hello sagar,

Correct me if I didn't get you,

Being in your network, i.e. inside the firewall, you are trying to connect to a Cisco VPN client that resides outside your network/public network.

If the above is the issue:

Kindly check the routes and the priority of the routes in the Sonicwall.

Example:

ISP1: set the metric as 1 for the traffic destined to the Cisco VPN gateway IP and specify that the traffic exits from the ISP1 interface

ISP2: set the metric as 1 again for the traffic destined to the Cisco VPN gateway IP and specify that the traffic exits from the ISP2 interface

source       destination   metric 1   interface

Kindly, Please rate the helpful posts and .

Thanks,

srikanth


8 Replies

Hi Srikanth,

Thanks for your reply.

You got my issue, but we didn't specify anything in our firewall specifically. It just picks up the internet connection and passes through.

Can you please suggest any guides or links to specify metrics?

Thanks,

Sagar

Hi Srikanth,

I tried the below settings mentioned by you, but it still didn't work. Can you please help me? It's really urgent.

Thanks in advance.

Regards,

Sagar

Hello Sagar,

Set only a single route for the Cisco VPN gateway IP, ISP2. Meaning allow only ISP2 to pass through the traffic for connecting to the Cisco VPN gateway.

Could you tell me whether, via ISP2, the clients are getting an IP?

If not:

Run a packet capture for the destination- and see whether there is an issue.

If yes:

Are the users only unable to access the internet?

Address me with your issue, where I can help you out, mate.

Thanks,

srikanth

Hi Srikanth,

Thanks for your reply !!

Yes, I have set the route as you said... from my internal subnet to the Cisco gateway from ISP2.

Yes, the client gets an ISP2 IP and they are able to access the internet too.

My issue is only that... when they get an ISP2 IP, they won't be able to connect to the Cisco VPN Client.

Thanks for your help !!

Regards,

Sagar

Hello Sagar,

Sorry for the confusion... Messed up really...

Yes, the client gets an ISP2 IP and they are able to access the internet too?

From where are they getting an IP, private IP/public?

Is an ISP issuing an IP for all your clients, or what?

Please clear the above points, and can you please run a packet capture source and destination as

and attach here in a notepad.

Regards

srikanth

Srikanth, thanks for all your help and for being patient all along. The problem is solved now...

You rock, man

Cheers,

Sagar

Hello sagar,

Glad it worked for you,

Add a secondary route to ISP2 in case ISP1 fails:

Example:

source   destination interface gateway < isp1 default gateway> metric <1>

If ISP1 fails: add a second route with a higher AD for ISP2

source   destination interface gateway < isp2 default gateway> metric <4>

Hope this helps you,

Please rate the helpful posts,

Regards,

srikanth