VPN Client Routing Issues

Hi,

I have a Cisco PIX 515E with OS 7.2 on it. We have VPN client version 5 (the latest revision).

I have multiple subnets terminating a VPN off the PIX, and then on the LAN behind the PIX we have a router which is connected to another couple of subnets via MPLS.

Now, when I VPN in with the client (after configuration) I can get to the subnets which terminate a VPN off the PIX, but I cannot route to the subnets via the router which connects to the MPLS network!

I have tried adding in static routes and redistribute routes and a couple of other things but any suggestions would be very helpful!

Thanks

John

Reply to
masterbullfrog

John, does your MPLS router know about your VPN subnets?

i.e.: I connect to the VPN and get address 10.1.1.1 on 10.1.1.0/24. Now I ping a network behind the MPLS router. Fine, my PIX knows how to get the traffic to the MPLS router, but does the MPLS router know where the 10.1.1.0/24 network is (your PIX)? If not, you need a route in the MPLS router.

ip route 10.1.1.0 255.255.255.0 ip.address.of.internal.pix.interface

Reply to
amattina

I can't get the routing information for the IP pool we are using to redistribute into the MPLS network for some weird reason. Even if I do static routes to send it over the MPLS network it doesn't work! So I am at a loss at the minute.

I have a static route from the MPLS router on site with the PIX for the 192.168.237.0/24 traffic (the IP pool for VPN users). This I tried redistributing into BGP but I could not see it propagate. BGP is what we were told to use as we are uplinking to a service provider for this MPLS network. We also have RIP running and I tried adding in the network to that and tried to redistribute the static route into RIP as well, but to no avail. So at this stage I am a little bit frustrated!

Any help or suggestions you can provide would be great!

Thanks in advance

Reply to
masterbullfrog

With regards to static redistribution into BGP,

Is the route 192.168.237.0/24 in the local CE router BGP routing table (the onsite MPLS router)?

show ip bgp 192.168.237.0/24

Is the route being advertised via BGP to the upstream MPLS PE router?

show ip bgp neighbors x.x.x.x advertised-routes

If you see that you are advertising the route to the PE router but that it is not present on your other CE routers, then have the service provider verify that the route is in your VRF's routing table on the PE router.

Reply to
Merv

Excellent,

I looked into it a bit more from your advice, Merv, and found it wasn't announcing the route. I went back over the commands and it wasn't redistributing my static routes at all! So I modified it around and it's now announcing the routes! The last issue now is that when the traffic goes back to the PIX, it is coming up with a "no translation group" error message.

Basically the IP pool we use here is 192.168.237.0/24, the remote MPLS subnet we are trying to contact is 192.168.60.0/24, and the subnet which the PIX terminates onto is 192.168.1.0/24.

Have you any ideas on this possibly?

Thanks again, for the above you have really helped me out!

Reply to
masterbullfrog
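
The return-route check that amattina and Merv walk through above, as an added example that is not part of the original thread: a small Python model that does a longest-prefix lookup hop by hop and reports which device drops the reply to a VPN client. The three subnets are the ones quoted in the thread; the device names, the host addresses and the collapsed MPLS hop are constructed assumptions.

```python
import ipaddress

POOL = "192.168.237.0/24"    # VPN client pool (from the thread)
REMOTE = "192.168.60.0/24"   # subnet reached over MPLS (from the thread)
LAN = "192.168.1.0/24"       # PIX inside subnet (from the thread)

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None when no route exists."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start`; returns (delivered, devices traversed)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return False, path       # this device drops the packet: no route
        if hop == "connected":
            return True, path
        path.append(hop)
        node = hop
    return False, path               # hop limit hit: routing loop

def build_tables(static_on_ce, redistributed):
    """Constructed topology: pix -- ce-local ==MPLS== ce-remote (PE hops collapsed)."""
    tables = {
        "pix": {POOL: "connected", LAN: "connected", REMOTE: "ce-local"},
        "ce-local": {LAN: "connected", REMOTE: "ce-remote"},
        "ce-remote": {REMOTE: "connected", LAN: "ce-local"},
    }
    if static_on_ce:                 # static route for the pool pointing at the PIX
        tables["ce-local"][POOL] = "pix"
    if redistributed:                # pool route learned by the far CE via BGP
        tables["ce-remote"][POOL] = "ce-local"
    return tables

def check(static_on_ce, redistributed):
    """Trace client-to-remote and remote-to-client for one routing state."""
    t = build_tables(static_on_ce, redistributed)
    return {"forward": trace(t, "pix", "192.168.60.10"),
            "return": trace(t, "ce-remote", "192.168.237.5")}

if __name__ == "__main__":
    for state in [(False, False), (True, False), (True, True)]:
        print(state, check(*state))
```

With the static route present but not redistributed, the forward path is delivered while the return path stops at the far CE, which is the state described before the redistribution was corrected.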
