Hi,
I have next Problem. We have Cisco VPN 3005 Concentrator ver 3.6.1 and Cisco VPN client ver 3.6.1.
We have IPSec tunnel between client and concentrator.
Allmost everything working fine, except - from LAN (10.21.x.x)I can not ping client Assigned IP address ! (eg. 10.21.60.100). Clients get IP address for VPN tunnel from 10.21.60.x pool.
I can ping VPN 3005 intern and extern port, ISP's router ,
client's public IP address (e.g. 217.23.204.142), everything, but I can not ping client's assigned IP address.
If I make trace, from LAN, packets came to internal port of VPN concentrator and didn't go out.
I tried to make static Route from external port of VPN 3005 to clients Assigned address pool (eg. 10.21.60.0/24) - doesn't work, change NAT etc. but without success!
We have also Netscreen NS 25 and NS5 for LAN to LAN VPN tunneling (IPSec) and there I can do ping from one LAN to another LAN with private address (e.g. 10.21.70.1 <-> 10.21.80.0/24 )!
I compared both configuration (Netscreen an Cisco)but I could not find the solutions.
I know I can not see forest behind the tree #-) %-)
Can anybody help?
Thanks
I have next Problem. We have Cisco VPN 3005 Concentrator ver 3.6.1 and Cisco VPN client ver 3.6.1.
We have IPSec tunnel between client and concentrator.
Allmost everything working fine, except - from LAN (10.21.x.x)I can not ping client Assigned IP address ! (eg. 10.21.60.100). Clients get IP address for VPN tunnel from 10.21.60.x pool.
I can ping VPN 3005 intern and extern port, ISP's router ,
client's public IP address (e.g. 217.23.204.142), everything, but I can not ping client's assigned IP address.
If I make trace, from LAN, packets came to internal port of VPN concentrator and didn't go out.
I tried to make static Route from external port of VPN 3005 to clients Assigned address pool (eg. 10.21.60.0/24) - doesn't work, change NAT etc. but without success!
We have also Netscreen NS 25 and NS5 for LAN to LAN VPN tunneling (IPSec) and there I can do ping from one LAN to another LAN with private address (e.g. 10.21.70.1 <-> 10.21.80.0/24 )!
I compared both configuration (Netscreen an Cisco)but I could not find the solutions.
I know I can not see forest behind the tree #-) %-)
Can anybody help?
Thanks