6 Replies Latest reply on Jul 9, 2013 6:33 AM by noor

    Client VPN connection

    hsrich New Member

      I am working with a 3430 and recently the settings got wiped from the appliance. I am seeing the clients connected and both IPSEC and IKE are showing as UP. My problem is that the clients cannot access the local network. I am assuming it has something to do with the routing table, which is attached as a PDF. I am just at a loss because I see they are connecting to the VPN but they cannot access any of the network they are connecting to.

        • Re: Client VPN connection
          hsrich New Member

          I have removed one of the statics because it wasn't a part of my tracert.

            • Re: Client VPN connection
              vmaxdawg05 Past_Featured_Member

              I'd be more interested in seeing your traffic selectors for the VPN.  Are you using the Adtran client or another such as Shrew Soft?



                • Re: Client VPN connection
                  hsrich New Member

                  We are using the Shrew client to connect to the vpn. Where would I find the traffic selectors?

                    • Re: Client VPN connection
                      vmaxdawg05 Past_Featured_Member

                      The traffic selectors will be listed in your VPN configuration on the 3430. In the GUI it will be towards the bottom of the web page. In the CLI, type:

                      Show access-list and Enter.

                      Somewhere in your list, you will see the VPN traffic selector(s):

                      Extended IP access list VPN-160-vpn-selectors
                         permit ip     (3 matches)

                      You can also make sure that there are still traffic selectors by typing “Show run ip crypto” and Enter

                      There should be a selector/acl displayed

                      crypto map VPN 160 ipsec-ike
                        match address VPN-160-vpn-selectors
                        set transform-set esp-3des-esp-md5-hmac
                        ike-policy 100

                      Make sure the selectors are listed in your IP Policy Classes, both Public and Private side:

                      Show ip policy-class Public

                        Entry 3 - allow reverse list VPN-160-vpn-selectors stateless

                      Show ip policy-class Private

                        Entry 3 - allow list VPN-160-vpn-selectors stateless
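
A cross-check of the three outputs described in the reply above, as an added example that is not part of the original thread and not Adtran tooling. It assumes the show output is pasted as text in the layout quoted above, with each policy-class listing preceded by its command line; `audit_selectors` and the sample text are constructed for illustration.

```python
import re

# Constructed sample of pasted CLI output, using the line layout quoted in the
# reply above. The Private policy-class entry for the selector ACL is missing,
# as it could be after the settings were wiped ("other-acl" is a placeholder).
SAMPLE = """\
Extended IP access list VPN-160-vpn-selectors
crypto map VPN 160 ipsec-ike
  match address VPN-160-vpn-selectors
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 100
Show ip policy-class Public
  Entry 3 - allow reverse list VPN-160-vpn-selectors stateless
Show ip policy-class Private
  Entry 1 - allow list other-acl
"""

def audit_selectors(text):
    """Map each crypto-map selector ACL to a list of problems (empty = OK)."""
    defined = set(re.findall(r"^\s*Extended IP access list (\S+)", text, re.M))
    wanted = re.findall(r"^\s*match address (\S+)", text, re.M)
    refs = {}       # policy-class name -> {(acl name, is_reverse)}
    current = None  # policy class whose entries are being read
    for line in text.splitlines():
        header = re.search(r"policy-class (\S+)", line, re.I)
        if header:
            current = header.group(1)
            refs.setdefault(current, set())
            continue
        entry = re.match(r"\s*Entry \d+ - allow (reverse )?list (\S+)", line)
        if entry and current:
            refs[current].add((entry.group(2), bool(entry.group(1))))
    report = {}
    for acl in wanted:
        problems = []
        if acl not in defined:
            problems.append("access list not defined")
        # The reply shows 'allow reverse list' on Public, 'allow list' on Private.
        if (acl, True) not in refs.get("Public", set()):
            problems.append("no 'allow reverse list' entry in Public")
        if (acl, False) not in refs.get("Private", set()):
            problems.append("no 'allow list' entry in Private")
        report[acl] = problems
    return report

if __name__ == "__main__":
    for acl, problems in audit_selectors(SAMPLE).items():
        print(acl, "->", problems or "OK")
```
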

                        • Re: Client VPN connection

                          hsrich -

                          I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.




                  • Re: Client VPN connection
                    mick Visitor

                    As vmaxdawg05 suggests, if the device settings were wiped, then it is most likely that the policy entries and ACLs for the VPN clients were lost. You will need to recreate these (either using the GUI or a terminal) to allow bidirectional connections to/from the LAN for the VPN pool. Come to think of it, you will probably also need to recreate the VPN pool ip-range too, depending on how much of the settings were deleted.


                    If you have not changed too much on the running device, it is worth trying to recover the settings from RAM.  Try to check the output of:


                      #show running-config


                    Which you can save in a text file on your PC and reload as backed_up.cfg. Hopefully all the previous settings will still be there, otherwise without a backup you'll have to create them afresh.


                    Hope this helps.