VPN client > branch office > head office

nmackovski
Level 1

My remote users can successfully connect to their branch office (Cisco 3005 Concentrator) and access all resources on the LAN. However, they cannot access resources located at head office. The branch office has a LAN-to-LAN tunnel to head office. Users physically located at the branch office can access resources at head office through the LAN-to-LAN tunnel.

I have "Tunnel Everything" configured for my remote users. When I perform a trace route (as a remote user) to a server located at head office, the packet is sent to the 3005's default gateway and not through the established LAN-to-LAN tunnel. My current setting for "Tunnel Default Gateway" is 0.0.0.0. Is this an issue?

The 3005 will not allow me to enter its own private IP address as a Tunnel Default Gateway. In a normal setup, I understand a downstream router or firewall would be the Tunnel Default Gateway. But I only have the 3005 at the remote office, it is the default gateway for the branch office LAN.

Is my traffic flow possible using a single 3005? Can a client who has created a remote access tunnel then go through a LAN-to-LAN tunnel (in the same 3005 VPN device)? Please advise.

cheers,

Nick Mackovski

1 Accepted Solution

Accepted Solutions

afakhan
Level 4

Hi,

Please make sure that you are not using 3.6.7 (A, B or C); you can use 3.6.7 Rel or the D rev. though. The above OS versions have an issue that prevents that.

The 0.0.0.0 setting is OK. Make sure that the override checkbox is not checked, and then configure your L2Ls to include the pool of IPs that you are assigning to the VPN clients, and the same thing on the headend device (symmetrical crypto ACLs or network list); you don't need a route to do that.

Thx

Afaq

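As an added example (not part of the thread and not Cisco's own code), the check below encodes the fix the accepted answer describes: the client address pool must appear in the L2L network lists on both the branch 3005 and the headend device, and the two lists must mirror each other. All addresses and the three sample configurations are constructed.

```python
# Added example: consistency check for a LAN-to-LAN tunnel that must also carry
# remote-access VPN client traffic. All networks below are constructed samples.
from ipaddress import ip_network


def _nets(cidrs):
    """Parse a list of CIDR strings into a set of IPv4Network objects."""
    return {ip_network(c) for c in cidrs}


def _covered(pool, nets):
    """True when the whole client pool lies inside one of the listed networks."""
    return any(pool.subnet_of(n) for n in nets)


def check_l2l(branch_local, branch_remote, head_local, head_remote, client_pool):
    """Return a list of findings; an empty list means the L2L is configured to
    carry remote-access client traffic to the head office."""
    b_local, b_remote = _nets(branch_local), _nets(branch_remote)
    h_local, h_remote = _nets(head_local), _nets(head_remote)
    pool = ip_network(client_pool)
    findings = []
    # 1. Symmetry: each side's "local" list must equal the peer's "remote" list,
    #    otherwise the two ends disagree about which traffic the tunnel carries.
    if b_local != h_remote:
        findings.append("branch local list does not mirror headend remote list")
    if b_remote != h_local:
        findings.append("branch remote list does not mirror headend local list")
    # 2. The client pool must be a local network of the branch tunnel and a
    #    remote network of the headend tunnel; otherwise client packets for the
    #    head office are routed to the 3005's default gateway instead of the L2L.
    if not _covered(pool, b_local):
        findings.append(f"client pool {pool} missing from branch L2L local networks")
    if not _covered(pool, h_remote):
        findings.append(f"client pool {pool} missing from headend L2L remote networks")
    return findings


# Constructed sample: branch LAN 10.10.0.0/24, head office 10.20.0.0/16,
# client pool 10.10.50.0/24 assigned by the branch 3005.
POOL = "10.10.50.0/24"
HEAD_LAN = ["10.20.0.0/16"]
BEFORE = dict(branch_local=["10.10.0.0/24"], branch_remote=HEAD_LAN,
              head_local=HEAD_LAN, head_remote=["10.10.0.0/24"], client_pool=POOL)
# Pool added on the branch only: lists no longer mirror and the headend drops it.
HALF_FIXED = dict(BEFORE, branch_local=["10.10.0.0/24", POOL])
# Pool added on both sides, as the answer recommends.
AFTER = dict(HALF_FIXED, head_remote=["10.10.0.0/24", POOL])

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("half", HALF_FIXED), ("after", AFTER)):
        print(name, check_l2l(**cfg) or "OK")
```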

2 Replies


Afaq,

Thanks for the quick response to my question.

I was able to locate the bug id for this problem. Bug id is CSCea41973.

I upgraded the 3005 to 3.6(7)D and my issue has been resolved. Thanks for your assistance.

cheers,

Nick