We help IT Professionals succeed at work.

VPN concentrator and hardware VPN client - no traffic

BobHarpur
BobHarpur asked
on
Medium Priority
424 Views
Last Modified: 2012-05-06
I am trying to setup a Cisco VPN concentrator 3000 with a hardware VPN client 3002.

These devices are used, and I am programming them for a new VPN setup.
I have not used these devices before, but I am familiar with VPN configuration on PIX and ASA devices.

The VPN concentrator is running OS version 4.7.2F, and the hardware client is running version 4.7.2L.

I started with the default config, then followed the instructions on this document:
http://www.cisco.com/application/pdf/paws/5402/vpn_3002_nem_5402.pdf
I noticed a few things that were missing, like enabling Network extension mode on the VPN concentrator group, and adding the network addresses.

Even after that, I can get the tunnel connected but can not get traffic to go accross. Is there more to setting this up, or does it need a software upgrade?
I don't have smartnet on these devices, so I want to know if the software upgrade will help before buying smartnet.

Thank you.
Comment
Watch Question

A familiar cause when you get connected but not able to access networks is not enabling nat traversal on both sides.

Have u enabled nat traversal?
Please double check your ACL's. Can you post snippets of your config

Author

Commented:
Thank you for the quick response.

Since this is a VPN concentrtor and not running standard IOS or normal Cisco commmand line, all the config is menu driven. I could not find any ACLs, or NAT traversal options.

Do you know where to find this on the VPN concentrator?

The following link tells you about enabling traversal on the VPN 3000 concentrator

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_release_note09186a00801fc7a4.html

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
OK, sorry for the delay, I did not have access to the devices until today.

I tried the NAT traversal, and it did not work.

Has anyone used the VPN concentrator 3000 with the hardware client CVPN3002?

This must work for somebody.

Author

Commented:
I am ordering the Cisco Smart net for both devices.

I will upgrade the firmware, and then call cisco support if it still doesn't work.

Author

Commented:
After updating the firmware on both devices to the latest version. I worked with it for a little longer and got it to work.

I think the NAT Traversal did help, but I think one of the biggest problems that I had was that I was trying this as an isolated network, with the 2 devices external ports directly connected. When I put them on a network, and made thier default gateway a real internet getway, even though the external ports were still on the same network I got it to work.

I am not sure what it was that fixed it. Either firmware upgrade NAT Traversal, the lack of a default gateway, or the combination of all of these.

One other thing I discovered is that without split tunnelling, computers on the remote network has no Internet access.

Author

Commented:
The solution was good, that it did point me to look at NAT Traversal. Although I solved the rest of the problem myself.
The problem is that the person offering the solution did not know the specific devices I was working with. I am grateful for the general VPN advice that was given.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.