03-09-2008 09:24 AM - edited 02-21-2020 03:36 PM
Hello,
I have configured a Cisco 857 device. I can connect to the internet. I can also establish VPN connections remotely.
However, once I have established a VPN connection, I cannot ping any system on the company LAN.
I have seen several posts on these forums but I couldn't configure my router properly.
I attach my config. Is it possible to know what corrections I should make?
My LAN IPs are 10.0.0.x with a subnet mask 255.0.0.0.
For my remote clients, I have now configured it to use 255.0.1.x.
Thanks and regards,
MaC
03-09-2008 10:08 AM
03-09-2008 10:31 AM
I can see in your configuration that you use split-tunneling, which is fine.
However, I think you need to add the following lines to the configuration so that your router will NOT NAT traffic going from 10.0.0.0/8 to 255.0.1.x/24:
no access-list 120
access-list 120 remark SDM_ACL Category=18
access-list 120 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.0.0.0 0.255.255.255 255.0.1.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
That way, traffic from 10.0.0.0/8 will not be NATted when going to 255.0.1.0/24 for the VPN.
CCIE Security
03-09-2008 10:59 AM
Hello,
To what does 255.0.1.x/24 refer? Is this a special range?
Wouldn't you rather mean 10.0.1.x/8 as 10.0.1.x will be the IP of the clients?
Regards,
03-09-2008 11:23 AM
Correction to my first post: "For my remote clients, I have now configured it to use 10.0.1.x."
Regards,
03-09-2008 11:37 AM
Here is the current state of my access lists; still nothing working:
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 10.0.1.0 0.0.0.255 any
access-list 120 remark SDM_ACL Category=18
access-list 120 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
Regards,
03-22-2008 03:50 AM
Hello,
The problem is now solved.
It was related to the fact that both my company network and my VPN client pool were using IPs in the same subnet.
Regards,
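The subnet overlap named in the last post can be caught before a VPN pool is deployed. The following is an added example, not part of the original thread or the poster's configuration: it uses Python's `ipaddress` module to check the LAN and pool values stated above against the ACL 120 lines from the 11:37 AM post. The function names (`wildcard_net`, `parse_acl`, `audit`) are assumptions made for illustration, and the parser handles only the `access-list N permit|deny ip ...` form seen in this thread.

```python
import ipaddress

def wildcard_net(addr, wildcard):
    """IOS address + wildcard mask -> ip_network (contiguous wildcards only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard is 0...01...1 in binary
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

def parse_acl(line):
    """Parse 'access-list N permit|deny ip SRC DST'; other lines give None."""
    tok = line.split()
    if len(tok) < 6 or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        return None  # remarks and forms this sketch does not model
    nets, i = [], 4
    while i < len(tok) and len(nets) < 2:
        if tok[i] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            i += 1
        else:
            nets.append(wildcard_net(tok[i], tok[i + 1]))
            i += 2
    return (tok[2], nets[0], nets[1]) if len(nets) == 2 else None

def audit(lan, pool, acl_lines):
    """Findings on LAN/pool addressing and on the NAT-exemption ACL."""
    lan = ipaddress.ip_network(lan, strict=False)
    pool = ipaddress.ip_network(pool, strict=False)
    findings = []
    if lan.overlaps(pool):  # same address could mean a LAN host or a VPN client
        findings.append(f"pool {pool} overlaps LAN {lan}")
    rules = [r for r in map(parse_acl, acl_lines) if r]
    exempt = [r for r in rules if r[0] == "deny" and pool.subnet_of(r[2])]
    if not exempt:
        findings.append(f"no deny rule exempts traffic to {pool} from NAT")
    for _, src, dst in exempt:
        if not lan.subnet_of(src):
            findings.append(f"deny {src} -> {dst} covers only part of LAN {lan}")
    return findings

# ACL 120 as posted in the thread; LAN and pool values as stated by the poster.
THREAD_ACL = [
    "access-list 120 remark SDM_ACL Category=18",
    "access-list 120 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "access-list 120 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255",
    "access-list 120 permit ip 10.0.0.0 0.0.0.255 any",
]

if __name__ == "__main__":
    for finding in audit("10.0.0.0/255.0.0.0", "10.0.1.0/24", THREAD_ACL):
        print(finding)
```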