Built-in Cisco VPN client problem.
Hello, some days ago I discovered an interesting problem with the Cisco built-in VPN client.
At our main office we have a Cisco 1811 with EasyVPN enabled to give our outside workers access to the file server.
Here are some details:
!
crypto isakmp client configuration group vpn
 key *******
 dns 192.168.10.91
 domain domain.tld
 pool vpn_pool
 acl 102
 netmask 255.255.255.240
!
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
!
ip local pool vpn_pool 192.168.11.1 192.168.11.14
!
ip dhcp pool dhcp_pool
 import all
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 option 42 ip 192.168.10.3
 domain-name domain.tld
 dns-server 192.168.10.91
 lease 10
!
So, the internal subnet is 192.168.10.0/24.
The VPN pool is 192.168.11.1/28.
ACL 102 is the split tunnel to the corporate LAN (192.168.10.0/24).
Users can VPN in and reach everything they need, but they cannot see each other in the VPN subnet.
For example, they cannot ping each other.
I actually need this to do some necessary repairs on their Macintoshes.
At first I thought it was a routing-related problem, but the routing table looks good:
t1000:~ ap$ ifconfig utun1
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	inet 192.168.11.13 --> 192.168.11.13 netmask 0xfffffff0
t1000:~ ap$ netstat -nr | grep 192.168.11
192.168.10         192.168.11.13      UGSc       11       11   utun1
192.168.11/28      192.168.11.13      UGSc        1        0   utun1
192.168.11.13      192.168.11.13      UH         15       21   utun1
But the most important and strangest thing for me is that I cannot ping myself!
t1000:~ ap$ ping 192.168.11.13
PING 192.168.11.13 (192.168.11.13): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
The firewall is disabled.
Then I went to a PC with Windows XP, set up the Cisco VPN client for Windows, checked everything I described above, and it all works very well.
I can ping myself, and I can reach my neighbours in the VPN subnet.
Any idea?
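One check worth running against a configuration like the one quoted above is whether the split-tunnel ACL handed to the group actually covers the client address pool, since that ACL is what the client is told to send through the tunnel, and whether the pool range fits inside the subnet implied by the group's netmask. The Python script below is an added example, not code from the original post; it parses the three relevant fragments (embedded here as a constructed sample copied from the post) and reports which pool addresses fall outside the ACL. On this config every pool address from 192.168.11.1 to 192.168.11.14 is outside ACL 102, which only permits 192.168.10.0/24. The Mac's routing table in the post does show a 192.168.11/28 route via utun1, so treat this as a router-side consistency check rather than a diagnosis of the ping symptom. Only the `access-list N permit ip NET WILDCARD any` form is handled; `host` entries and other ACL syntax are out of scope.

```python
import ipaddress
import re

# Constructed sample: the EasyVPN fragments quoted in the post above.
SAMPLE_CONFIG = """
crypto isakmp client configuration group vpn
 key *******
 dns 192.168.10.91
 domain domain.tld
 pool vpn_pool
 acl 102
 netmask 255.255.255.240
!
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
!
ip local pool vpn_pool 192.168.11.1 192.168.11.14
"""


def wildcard_to_network(addr, wildcard):
    """Convert an IOS 'network wildcard' pair (e.g. 192.168.10.0 0.0.0.255) into a network."""
    mask_int = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    mask = ipaddress.IPv4Address(mask_int)
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def parse_config(text):
    """Return (groups, pools, acls) from the fragments of IOS config we care about.

    groups: {group_name: {'pool': ..., 'acl': ..., 'netmask': ...}}
    pools:  {pool_name: (first_address, last_address)}
    acls:   {acl_number: [IPv4Network, ...]}   (source networks of 'permit ip' lines)
    """
    groups, pools, acls = {}, {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None  # '!' ends the current configuration block
            continue
        m = re.match(r"crypto isakmp client configuration group (\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), {})
            continue
        m = re.match(r"ip local pool (\S+) (\S+) (\S+)", line)
        if m:
            pools[m.group(1)] = (ipaddress.IPv4Address(m.group(2)),
                                 ipaddress.IPv4Address(m.group(3)))
            continue
        m = re.match(r"access-list (\d+) permit ip (\S+) (\S+) any", line)
        if m:
            acls.setdefault(m.group(1), []).append(wildcard_to_network(m.group(2), m.group(3)))
            continue
        if current is not None:
            m = re.match(r"(pool|acl|netmask) (\S+)", line)
            if m:
                current[m.group(1)] = m.group(2)
    return groups, pools, acls


def split_tunnel_covers_pool(group_name, groups, pools, acls):
    """Split the group's pool into addresses inside / outside its split-tunnel ACL."""
    group = groups[group_name]
    start, end = pools[group["pool"]]
    nets = acls.get(group["acl"], [])
    covered, uncovered = [], []
    addr = start
    while addr <= end:
        (covered if any(addr in n for n in nets) else uncovered).append(str(addr))
        addr += 1
    return covered, uncovered


def pool_fits_netmask(group_name, groups, pools):
    """Check that the whole pool lies in one subnet of the netmask pushed to clients."""
    group = groups[group_name]
    start, end = pools[group["pool"]]
    net = ipaddress.IPv4Network(f"{start}/{group['netmask']}", strict=False)
    return (start in net and end in net), str(net)


if __name__ == "__main__":
    groups, pools, acls = parse_config(SAMPLE_CONFIG)
    covered, uncovered = split_tunnel_covers_pool("vpn", groups, pools, acls)
    fits, net = pool_fits_netmask("vpn", groups, pools)
    print(f"pool subnet {net}, pool fits group netmask: {fits}")
    print(f"pool addresses inside split-tunnel ACL: {len(covered)}, outside: {len(uncovered)}")
    for a in uncovered:
        print(f"  not covered by ACL: {a}")
```

Run it as-is to see the report for the quoted config; to test a different router, paste its `crypto isakmp client configuration group`, `access-list` and `ip local pool` lines into `SAMPLE_CONFIG`.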