Solved

VPN Remote Access

Posted on 2009-05-14
4
370 Views
Last Modified: 2012-05-07
A customer just purchase VPN licensed for their CP NG R55.  I have setup VPN Remote Access to allow SecurRemote clients access over the internet.  I am able to establish VPN connection with SecurRemote over internet, however I'm not able to ping any internal IP addresses once connected with SecurRemote.  The Smartview Tracker log shows logon and key install succesful.  Also, I have verify the rule for RemoteAccess has "any" for destination and services in Rule base.   ANy reason why I can't ping internal IP address?
0
Comment
Question by:hotrod_952
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:bignewf
ID: 24389419
Hello hotrod 952

your config would be helpful, but check your config for the following:

sysopt permit vpn (or ipsec, depending on IOS version)
check your NAT0 statements allowing the ip addresses or ip ranges from this remote site to your internal lan ip ranges
0
 

Author Comment

by:hotrod_952
ID: 24395004
This is for Remote Access for SecuRemote over the internet, not VPN tunneling.
0
 
LVL 15

Expert Comment

by:bignewf
ID: 24402848
Do your internal routers have routes for your vpn clients to reach the internal lan, and do your vpn clients have routes to your internal networks?

have you run a "route print"  command at the command prompt?
0
 

Accepted Solution

by:
hotrod_952 earned 0 total points
ID: 24423726
I figure out the issue.  This particular customer's internal network ip address 192.168.*.* is the same as my home network.  Because SecureRemote doesn't allow you to setup Office Mode on the FW Gateway you must make sure that the home network isn't the same as the customer's internal network.  If so, then the packet doesn't know how to route out to the external gateway.  
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now