vpn client access to router subnet

james.bardin · ‎11-04-2004

i'm new to using cisco products.

most of my setup is using SDM2.0

i'm using cisco vpn clinet for windows and 'easy vpn' server

router using nat.

boss wants to be able to vpn into the local lan, and establish a windows networking session (netbios over tcp/ip).

i can get tunnels up and working, but it seems all packets are forwarded to the wan. (internet works fine)

can't ping anything on the subnet of the router. vpn client got a correct address in the same subnet pushed down be the router. client sends windows logon info, but doesn't get any responses.

set firewall to allow everything, no difference.

rules are in effect in the nat to protect vpn traffic

i'm a little fuzzy on where the vpn traffic is inserted into the chain of events in the router.

do i need a static route to catch the correct subnet packets?

is this possible just using the easyvpn server?

jsivulka · ‎11-09-2004

Assuming that your basic setup is correct, you could refer to the document below for problems with browsing Network Neighborhood

http://www.cisco.com/warp/public/471/vpn-net-hood.html

pkapoor · ‎11-09-2004

First of all traffic you are trying to send must be unicast (no broadcast and not even multicast).

If you are using anything less than the 4.0.3.D version of the VPN Client, upgrade.

Make sure that split-tunneling is configured properly and that the VPN Client is receiving the routes from the VPN server. This you will find in the client's Statistics panel. Make sure you have your domain name and DNS being pushed down to the client too.

BTW, if you cannot even ping with IP, then there is something wrong in the split-tunneling, the permissions with ICMP, and/or the IP pool you are assigning to the VPN Client. Make sure that it does not overlap with any L2L tunnels you may have on the router and that the IP you are trying to ping is routed properly to the client's assigned IP.