hsrich
New Contributor

Client VPN connection

I am working with a 3430 and recently the settings got wiped from the appliance. I am seeing the clients connected and both IPSEC and IKE are showing as UP. My problem is that the clients cannot access the local network. I am assuming it has something to do with the routing table, which is attached as a PDF. I am just at a loss because I see they are connecting to the VPN but they cannot access any of the network they are connecting to.

6 Replies
hsrich
New Contributor

Re: Client VPN connection

I have removed one of the statics because it wasn't a part of my tracert.

Anonymous
Not applicable

Re: Client VPN connection

I'd be more interested in seeing your traffic selectors for the VPN. Are you using the Adtran client or another such as Shrew Soft?

Thanks

Re: Client VPN connection

As vmaxdawg05 suggests, if the device settings were wiped, then it is most likely that the policy entries and ACLs for the VPN clients were lost. You will need to recreate these (either using the GUI or a terminal) to allow bidirectional connections to/from the LAN for the VPN pool. Come to think of it, you will probably also need to recreate the VPN pool ip-range too, depending on how much of the settings were deleted.

If you have not changed too much on the running device, it is worth trying to recover the settings from RAM.  Try to check the output of:

  #show running-config

Which you can save in a text file on your PC and reload as backed_up.cfg. Hopefully all the previous settings will still be there, otherwise without a backup you'll have to create them afresh.

Hope this helps.

hsrich
New Contributor

Re: Client VPN connection

We are using the Shrew client to connect to the vpn. Where would I find the traffic selectors?

Anonymous
Not applicable

Re: Client VPN connection

The traffic selectors will be listed in your VPN configuration on the 3430. In the GUI it will be towards the bottom of the web page. In the CLI, type:

Show access-list and Enter.

Somewhere in your list, you will see the VPN traffic selector(s):

Example:

  Extended IP access list VPN-160-vpn-selectors
    permit ip 10.83.0.0 0.0.255.255 10.86.21.0 0.0.0.255 (3 matches)

You can also make sure that there are still traffic selectors by typing “Show run ip crypto” and Enter

There should be a selector/acl displayed

Example:

  crypto map VPN 160 ipsec-ike
    match address VPN-160-vpn-selectors
    set transform-set esp-3des-esp-md5-hmac
    ike-policy 100

Lastly, make sure the selectors are listed in your IP Policy Classes, both Public and Private side:

Show ip policy-class Public

Example:

Entry 3 - allow reverse list VPN-160-vpn-selectors stateless

Show ip policy-class Private

Entry 3 - allow list VPN-160-vpn-selectors stateless
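The three checks from the reply above (the selector ACL exists, the crypto map matches it, and both policy classes reference it) can be run against a saved copy of the configuration. This is an added example, not part of the original thread or any vendor tool; the section-header layout of the saved text and the function name audit_vpn_selectors are assumptions, and the sample config is constructed from the thread's example names.

```python
import re
# Constructed sample in saved running-config style; Private lacks its selector entry on purpose.
SAMPLE_CONFIG = """\
ip access-list extended VPN-160-vpn-selectors
  permit ip 10.83.0.0 0.0.255.255 10.86.21.0 0.0.0.255
!
crypto map VPN 160 ipsec-ike
  match address VPN-160-vpn-selectors
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 100
!
ip policy-class Public
  allow reverse list VPN-160-vpn-selectors stateless
!
ip policy-class Private
  allow list self self
!
"""

def audit_vpn_selectors(config):
    """Return findings for crypto maps whose selector ACL is undefined or
    absent from the Public/Private policy classes (hypothetical helper)."""
    acls, maps, policy, section = set(), {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # unindented line starts a new section
            section = None
            if m := re.match(r"ip access-list extended (\S+)", line):
                acls.add(m.group(1))
            elif m := re.match(r"crypto map (\S+ \d+) ipsec-ike", line):
                section = ("map", m.group(1))
            elif m := re.match(r"ip policy-class (\S+)", line):
                section = ("class", m.group(1))
                policy.setdefault(m.group(1), set())
        elif section and section[0] == "map":
            if m := re.match(r"match address (\S+)", line):
                maps[section[1]] = m.group(1)
        elif section and section[0] == "class":
            if m := re.match(r"allow (reverse )?list (\S+)", line):
                policy[section[1]].add((m.group(2), bool(m.group(1))))
    findings = []
    for name, acl in maps.items():
        if acl not in acls:
            findings.append(f"crypto map {name}: ACL {acl} is not defined")
        if (acl, True) not in policy.get("Public", set()):
            findings.append(f"crypto map {name}: Public lacks 'allow reverse list {acl}'")
        if (acl, False) not in policy.get("Private", set()):
            findings.append(f"crypto map {name}: Private lacks 'allow list {acl}'")
    return findings
```

On the constructed sample the only finding is the missing Private entry, which matches the symptom in this thread: the tunnel is up but clients cannot reach the LAN.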

Anonymous
Not applicable

Re: Client VPN connection

I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor