RE: VPN Concentrator with VPN Clients

If what you said is true (you can't authenticate), you aren't at this point
yet. Can you ping the authentication server from the concentrator? Is it
configed in the authentication servers?

Please post your relevant configs and any log messages before you go any
further. Otherwise we are all just shooting in the wind here.

tv

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Haroon
Sent: Wednesday, October 07, 2009 11:23 AM
To: Ryan West
Cc: Cisco certification
Subject: Re: VPN Concentrator with VPN Clients

Hi Ryan,

Thanks. The concentrator has one interface in the internal LAN
(192.168.1.5) and other one is public... I did try different subnet pool on
the concentrator and statically route from the internal LAN gateway
(192.168.1.1) to concentrator and back but that didn't work either.

I even tried adding static routes on windows XP machine that I am using to
test, still nothing.

regards,

haroon

On Wed, Oct 7, 2009 at 12:02 PM, Ryan West <rwest_at_zyedge.com> wrote:

> Haroon,
>
> The concentrator usually does RRI. I wasn't really sure, but you did say
> that you tried assigning a local pool and statically routing that network
> from your router to your concentrator? If the concentrator is on a
> logically separate network than what your DHCP is assigning and that
network
> is local to the router or the clients, you can see the routing issue
there.
> If you want to use it in that manner, the concentrator would need to sit
on
> your internal network.
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Haroon
> Sent: Wednesday, October 07, 2009 11:56 AM
> To: Cisco certification
> Subject: OT: VPN Concentrator with VPN Clients
>
> Hello Experts,
>
> Sorry about back to back OT posts but maybe I am too dumb for this crap
and
> someone can help me with this.... I am trying to configure CVPN 3030
> Concentrator to work with either Microsoft vpn client or Cisco VPN client
> 5.0.03.
>
> I have configured two groups: 1) pptp to work with MS and 2) IPSecGroup to
> work with the cisco vpn client. I cannot make any connection with ms vpn
> client, however, I am able to authenticate with active directory and get
an
> ip address from our internal dhcp server when I use cisco vpn client(ip
sec
> group). After the connection is established, I cannot ping or browse any
> servers behind the concentrator. I even tried different subnet dhcp range
> and adding static routes on the concentrator and router behind it (local
> LAN) but no go.
>
> I have tried following the cisco documents to the last letter, google
> search
> and I tried configuring it using my own understanding of this but no luck.
> Is there some setting that I am missing in the concentrator? I don't care
> which client I use (MS preferred) as long as concentrator can
intelligently
> pass traffic through to the other side as it is with the 4 site to site
> VPNs.
>
> regards,
>
> Haroon
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 07 2009 - 11:41:59 ART