VPN Problems

Unanswered Question
May 28th, 2007

I need a quick fix to this... I've tried everything known to me and then some!! I'm not used to setting up VPNs on a router, only through a PIX... I've added access-lists to cover all my bases but still am unable to get this going. I can connect to the VPN fine and get an IP, however, I cannot access the internal network on f0/0. With this config, if I try to ping something on the internal network, I get responses from the outside interface... Quick help is appreciated!

Richard Burts Tue, 05/29/2007 - 07:21


I suspect that your problem is the address translation on the serial interface (where the crypto map is). I believe that you need to add in access list 110 a line before the existing lines which would deny ip with source 10.0.10.x and destination 10.0.11.x.



tduplantis Thu, 05/31/2007 - 06:36

Thanks for the reply, but I ended up going with VPDN just to get it finished. This was easier on the customer anyway since they didn't have to worry about the Cisco VPN client.

sdesteuben Mon, 07/02/2007 - 18:55

Your 102 ACL was messed up as well


access-list 102 deny ip

access-list 102 deny ip

access-list 102 permit ip any

access-list 102 permit ip any

access-list 102 permit ip any

access-list 102 permit ip any

All you need:

!--- this denies your client ip network from being nat'd out to wan. forces it over the tunnel

access-list 101 deny ip any

!--- permit the local traffic to be nat'd to wan.

access-list 101 permit ip any
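Added example, not part of any post in this thread: both replies above rely on the first-match ordering of the NAT access list, where the deny for VPN-bound traffic must come before the general permit. This Python sketch models that evaluation for the 10.0.10.x and 10.0.11.x networks named in the first reply; the /24 wildcard masks, the roles of the two networks and the sample hosts are assumptions.

```python
import ipaddress

def matches(addr, base, wildcard):
    """IOS-style wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def nat_decision(acl, src, dst):
    """Return True if the packet would be translated.

    The first matching entry wins. 'permit' selects the packet for NAT,
    'deny' exempts it, and no match falls through to the implicit deny.
    """
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if matches(src, s_base, s_wc) and matches(dst, d_base, d_wc):
            return action == "permit"
    return False

ANY = ("0.0.0.0", "255.255.255.255")
# Assumption: 10.0.10.x is the inside LAN and 10.0.11.x the VPN client pool,
# both treated as /24 (wildcard 0.0.0.255). The page gives only "x".
INSIDE = ("10.0.10.0", "0.0.0.255")
VPN_POOL = ("10.0.11.0", "0.0.0.255")

# No exemption: everything from the inside LAN is translated.
acl_permit_only = [("permit", INSIDE, ANY)]
# Exemption placed first, as the replies recommend.
acl_exempt_first = [("deny", INSIDE, VPN_POOL), ("permit", INSIDE, ANY)]
# Exemption placed after the permit: it is never reached.
acl_exempt_last = [("permit", INSIDE, ANY), ("deny", INSIDE, VPN_POOL)]

if __name__ == "__main__":
    # Constructed sample packets: an inside host replying to a VPN client,
    # and the same host talking to an Internet address (documentation range).
    packets = [("10.0.10.20", "10.0.11.5"), ("10.0.10.20", "198.51.100.9")]
    acls = {"permit only": acl_permit_only,
            "deny first": acl_exempt_first,
            "deny last": acl_exempt_last}
    for name, acl in acls.items():
        for src, dst in packets:
            verdict = "NAT" if nat_decision(acl, src, dst) else "no NAT"
            print(f"{name:12} {src} -> {dst}: {verdict}")
```

Only the "deny first" ordering leaves the reply to the VPN client untranslated while Internet-bound traffic is still NATed.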

