In order to get the routers to advertise their routing tables via BGP I had to create an ACL listing all the locally attached subnets including VPN clients. Then we switched to a MPLS-like solution and they require BGP. In the distant past there were point to point t1's in MLPPP mode connecting the sites and no fancy routing was required, just a couple of static routes. Today I found what appears to be the solution and its related to the link and routing between the two office main sites. All but one of the remote VPN routers are 871 or 871w. But when the ezvpn client mode was changed to "network-extension" or "network-plus" the remote hosts could only access the internet and nothing on the broader corporate LAN/WAN. I found that when remote hardware clients were in "client" mode that hosts behind those remote routers could access both the site their router was connected to and the other main office site (basically functioning as expected and desired). We have two main office sites and each has a 2800-series router. I had seen that and it didn't really tell me anything new. Where do I start investigating? Do I need to make any config changes on the ezVPN server side? Any help is appreciated! I did notice that the routing table on the HQ router is updated with a subnet entry for the subnet behind the SOHO router whenever I have one of those NEM tunnels up, but still no traffic is flowing. All this leads me to think that maybe there's a routing issue or some other configuration problem but from a conceptual standpoint I don't really understand where to start digging. I tried turning on all relevant logging on the remote 800 router but when I attempt ping tests either from it or from the HQ side I see no traffic or log entries. They are still able to access the internet. I tried changing the ezVPN mode on one of the hardware clients to NEM but whenever I do this the tunnel stays up but the clients can no longer access resources on the HQ LAN.
I have those remote locations using unique subnets in anticipation of switching over to Network Extension Mode (NEM) so that I can manage PCs and servers at one of the growing sites. Remote users can access resources on the company LAN via the tunnel and can also go out to the internet directly. I have split-tunnel enabled and everything seems to function as expected. As its currently set up, the remote clients use EZVPN to initiate a tunnel to the 2811 at the office. I have a small business network utilizing Cisco 2800 ISRs at the HQ office and 800-series ISRs at some home and remote small-office locations.
0 kommentar(er)
