On my network I have a Cisco 3005 VPN concentrator with a public IP of 66.X.X.X and private IP of 172.X.X.X that works fine. I recently ordered a 2nd T1 from our ISP with the need to add a 2nd 3005 VPN. VPN2 sits on a public of 70.X.X.X and on the same private network. From the Internet, I can access either VPN and go through my 2003 ACS server for AAA and see the inside network of servers. A problem is occurring with several of my remote users in that they can no longer connect to VPN1 yet have full Internet capabilities, while other clients have no connection issues.
No one is currently using VPN2 due to network testing and setup... all user VPN clients point to VPN1. I found that if I power off VPN2, those clients who were unable to connect can now do so. There seems to be no clear reason -- all are XP SP2 and broadband... some via wireless while others are hard wired. I tried putting VPN2 on a different internal VLAN and thought I had some success but later found that it too was causing failures. No errors are showing on the ACS server as far as failed logins. When VPN2 is up, I see successful logins from test connections as well as normal logins from VPN1 traffic.
Any thoughts would be much appreciated.
Rigel
It appears that there were some routing issues on the internal network that were causing this problem. Trying to set up a remote site on a Cisco 871 to do direct VPN tunnel into VPN2 and some related commands there messed up routing.
Still fighting the 871 config but that's another story.
Cisco 3005 VPN issue