DVTI help

Sep 20th, 2007

Topology:

ClientPC----{internet}----2851router-----LAN


I've configured EzVPN using SDM, but remote users can't access anything inside the LAN and vice versa. When the tunnel is up, I can ping all the router interfaces from a remote PC, but not beyond the router. I can even run SDM via VPN, but nothing gets through to or from the LAN.


Users from the LAN can browse the Internet just fine.


Any help appreciated.


Attached is the config:


Some show commands:


1. show ip route:


Gateway of last resort is yy.yy.yy.yy to network 0.0.0.0


x.0.0.0/30 is subnetted, 1 subnets

C x.3.2.12 is directly connected, Serial0/1/1

192.168.50.0/32 is subnetted, 2 subnets

S 192.168.50.6 [1/0] via 0.0.0.0, Virtual-Access2

S 192.168.50.7 [1/0] via 0.0.0.0, Virtual-Access3

S* 0.0.0.0/0 [1/0] via 124.83.2.13

C 192.168.8.0/21 is directly connected, Vlan1



2. sh crypto sess detail

Crypto session current status


Code: C - IKE Configuration mode, D - Dead Peer Detection

K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication


Interface: Virtual-Access2

Session status: UP-ACTIVE

Peer: [public IP of remote PC] port 3947 fvrf: (none) ivrf: (none)

Phase1_id: VPN

Desc: (none)

IKE SA: local [router public IP]/4500 remote [public IP of remote PC]/3947 Active

Capabilities:CXN connid:1005 lifetime:23:21:54

IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.6

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 896 drop 0 life (KB/Sec) 4515170/1319

Outbound: #pkts enc'ed 348 drop 0 life (KB/Sec) 4515199/1319


Interface: Virtual-Access3

Session status: UP-ACTIVE

Peer: [public IP of remote PC] port 14741 fvrf: (none) ivrf: (none)

Phase1_id: VPN

Desc: (none)

IKE SA: local [router public IP]/4500 remote [public IP of remote PC]/14741 Active

Capabilities:CXN connid:1006 lifetime:23:50:30

IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.7

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 187 drop 0 life (KB/Sec) 4518566/3041

Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4518590/3041



Thanks!
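The `show crypto session detail` counters quoted above can be checked mechanically. This is an added example, not part of the original post: it parses the per-interface stanzas and flags sessions that decrypt packets from the peer but have encrypted nothing back, the one-way pattern Virtual-Access3 shows. The function names are hypothetical and the sample is an excerpt of the output in the question.

```python
import re

# Excerpt of the `show crypto session detail` output quoted in the question
# (addresses were already redacted by the poster).
SAMPLE = """\
Interface: Virtual-Access2
Session status: UP-ACTIVE
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.6
Inbound: #pkts dec'ed 896 drop 0 life (KB/Sec) 4515170/1319
Outbound: #pkts enc'ed 348 drop 0 life (KB/Sec) 4515199/1319

Interface: Virtual-Access3
Session status: UP-ACTIVE
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.7
Inbound: #pkts dec'ed 187 drop 0 life (KB/Sec) 4518566/3041
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4518590/3041
"""

STATUS = re.compile(r"^Session status:\s*(\S+)")
FLOW = re.compile(r"^IPSEC FLOW:\s*(.+)$")
COUNTERS = re.compile(r"^(Inbound|Outbound):\s*#pkts (?:dec|enc)'ed (\d+) drop (\d+)")

def parse_sessions(text):
    """Return one dict per 'Interface:' stanza; counters are summed over its flows."""
    sessions = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Interface:"):
            sessions.append({"interface": line.split(":", 1)[1].strip(), "status": "",
                             "flows": [], "dec": 0, "enc": 0, "drops": 0})
        elif sessions:
            cur = sessions[-1]
            if m := STATUS.match(line):
                cur["status"] = m.group(1)
            elif m := FLOW.match(line):
                cur["flows"].append(m.group(1))
            elif m := COUNTERS.match(line):
                key = "dec" if m.group(1) == "Inbound" else "enc"
                cur[key] += int(m.group(2))
                cur["drops"] += int(m.group(3))
    return sessions

def one_way_sessions(sessions):
    """Interfaces that are UP and decrypting traffic but have encrypted nothing back."""
    return [s["interface"] for s in sessions
            if s["status"].startswith("UP") and s["dec"] > 0 and s["enc"] == 0]

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(f'{s["interface"]}: {s["status"]} dec={s["dec"]} enc={s["enc"]} flows={s["flows"]}')
    print("one-way:", one_way_sessions(parse_sessions(SAMPLE)))
```

A session flagged here has a working inbound SA, so the next things to compare are the router's return route and any NAT or ACL applied to LAN traffic headed for the client pool address.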



htarra Wed, 09/26/2007 - 10:08

Virtual Tunnel Interface (VTI) while the remote spokes can be configured using VTI or crypto maps (supporting single proxy).

Check if you have configured an IP address on the inside interface of the VPN client. I think your problem is related to Cisco bug CSCek19217.
