• Status: Solved

VPN concentrator and hardware VPN client - no traffic

I am trying to set up a Cisco VPN concentrator 3000 with a hardware VPN client 3002.

These devices are used, and I am programming them for a new VPN setup.
I have not used these devices before, but I am familiar with VPN configuration on PIX and ASA devices.

The VPN concentrator is running OS version 4.7.2F, and the hardware client is running version 4.7.2L.

I started with the default config, then followed the instructions on this document:
http://www.cisco.com/application/pdf/paws/5402/vpn_3002_nem_5402.pdf
I noticed a few things that were missing, like enabling Network extension mode on the VPN concentrator group, and adding the network addresses.

Even after that, I can get the tunnel connected but cannot get traffic to go across. Is there more to setting this up, or does it need a software upgrade?
I don't have smartnet on these devices, so I want to know if the software upgrade will help before buying smartnet.

Thank you.
Asked by: BobHarpur

thesherminator Commented:
A familiar cause when you get connected but are not able to access networks is not enabling NAT traversal on both sides.

Have you enabled NAT traversal?

thesherminator Commented:
Please double-check your ACLs. Can you post snippets of your config?

BobHarpur (Author) Commented:
Thank you for the quick response.

Since this is a VPN concentrator and not running standard IOS or normal Cisco command line, all the config is menu driven. I could not find any ACLs, or NAT traversal options.

Do you know where to find this on the VPN concentrator?

thesherminator Commented:
The following link tells you about enabling traversal on the VPN 3000 concentrator

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_release_note09186a00801fc7a4.html

BobHarpur (Author) Commented:
OK, sorry for the delay, I did not have access to the devices until today.

I tried the NAT traversal, and it did not work.

Has anyone used the VPN concentrator 3000 with the hardware client CVPN3002?

This must work for somebody.

BobHarpur (Author) Commented:
I am ordering the Cisco Smart net for both devices.

I will upgrade the firmware, and then call Cisco support if it still doesn't work.

BobHarpur (Author) Commented:
After updating the firmware on both devices to the latest version, I worked with it for a little longer and got it to work.

I think the NAT Traversal did help, but I think one of the biggest problems that I had was that I was trying this as an isolated network, with the 2 devices' external ports directly connected. When I put them on a network, and made their default gateway a real Internet gateway, even though the external ports were still on the same network, I got it to work.

I am not sure what it was that fixed it. Either firmware upgrade, NAT Traversal, the lack of a default gateway, or the combination of all of these.

One other thing I discovered is that without split tunnelling, computers on the remote network have no Internet access.

BobHarpur (Author) Commented:
The solution was good in that it did point me to look at NAT Traversal, although I solved the rest of the problem myself.
The problem is that the person offering the solution did not know the specific devices I was working with. I am grateful for the general VPN advice that was given.