Re: VPN Concentrator with VPN Clients

With Cisco VPN Client (IPSecGroup) I can authenticate with active directory,
I can ping the domain controller from concentrator, I can get IP address
from the internal DHCP server but no traffic passes through.

With pptp (microsoft client) it doesn't even TRY to make connection...

I will post some screenshots of the configuration.

Thanks,

Haroon

On Wed, Oct 7, 2009 at 12:41 PM, Tony Varriale
<tvarriale_at_flamboyaninc.com>wrote:

> If what you said is true (you can't authenticate), you aren't at this point
> yet. Can you ping the authentication server from the concentrator? Is it
> configed in the authentication servers?
>
> Please post your relevant configs and any log messages before you go any
> further. Otherwise we are all just shooting in the wind here.
>
> tv
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Haroon
> Sent: Wednesday, October 07, 2009 11:23 AM
> To: Ryan West
> Cc: Cisco certification
> Subject: Re: VPN Concentrator with VPN Clients
>
> Hi Ryan,
>
> Thanks. The concentrator has one interface in the internal LAN
> (192.168.1.5) and other one is public... I did try different subnet pool on
> the concentrator and statically route from the internal LAN gateway
> (192.168.1.1) to concentrator and back but that didn't work either.
>
> I even tried adding static routes on windows XP machine that I am using to
> test, still nothing.
>
> regards,
>
> haroon
>
> On Wed, Oct 7, 2009 at 12:02 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
> > Haroon,
> >
> > The concentrator usually does RRI. I wasn't really sure, but you did say
> > that you tried assigning a local pool and statically routing that network
> > from your router to your concentrator? If the concentrator is on a
> > logically separate network than what your DHCP is assigning and that
> network
> > is local to the router or the clients, you can see the routing issue
> there.
> > If you want to use it in that manner, the concentrator would need to sit
> on
> > your internal network.
> >
> > -ryan
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Haroon
> > Sent: Wednesday, October 07, 2009 11:56 AM
> > To: Cisco certification
> > Subject: OT: VPN Concentrator with VPN Clients
> >
> > Hello Experts,
> >
> > Sorry about back to back OT posts but maybe I am too dumb for this crap
> and
> > someone can help me with this.... I am trying to configure CVPN 3030
> > Concentrator to work with either Microsoft vpn client or Cisco VPN client
> > 5.0.03.
> >
> > I have configured two groups: 1) pptp to work with MS and 2) IPSecGroup
> to
> > work with the cisco vpn client. I cannot make any connection with ms vpn
> > client, however, I am able to authenticate with active directory and get
> an
> > ip address from our internal dhcp server when I use cisco vpn client(ip
> sec
> > group). After the connection is established, I cannot ping or browse any
> > servers behind the concentrator. I even tried different subnet dhcp range
> > and adding static routes on the concentrator and router behind it (local
> > LAN) but no go.
> >
> > I have tried following the cisco documents to the last letter, google
> > search
> > and I tried configuring it using my own understanding of this but no
> luck.
> > Is there some setting that I am missing in the concentrator? I don't care
> > which client I use (MS preferred) as long as concentrator can
> intelligently
> > pass traffic through to the other side as it is with the 4 site to site
> > VPNs.
> >
> > regards,
> >
> > Haroon
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 07 2009 - 12:47:45 ART