VPN established on router but can't hit inside

Unanswered Question
Jul 12th, 2008

hello guys,

another situation....

3725 router --- pix v5.1 --- 4507 ---

I successfully established a remote access VPN to the 3725 router...but I am unable to ping any devices from my laptop, nor can I ping my device from the PIX...

any thoughts...

thanks in advance...

here are my configs for the router and pix

Lab_rtr#
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
ip cef
ip audit notify log
ip audit po max-events 100
no ip domain lookup
ip ssh break-string
no ftp-server write-enable
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group 3000client
 key cisco123
 pool ippool
crypto isakmp profile VPNclient
 description VPN Clients Profile
 match identity group 3000client
 client authentication list userauthen
 isakmp authorization list groupauthor
 client configuration address respond
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile VPNclient
!
crypto map clientmap 10 ipsec-isakmp dynamic dynmap discover
!
!
interface FastEthernet0/0
 ip address xxxxx 255.255.255.248
 speed 100
 half-duplex
 crypto map clientmap
!
interface Serial0/0
 bandwidth 512
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 service-module t1 timeslots 1-8
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 ip address xxxxx
 frame-relay interface-dlci 532
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip local pool ippool 192.168.1.5
ip route 0.0.0.0 0.0.0.0 Serial0/0.1

________________________________________________________________

PIX

PIX Version 5.1(4)
access-list 101 permit ip 10.100.55.0 255.255.255.0 host 192.168.1.5
ip address outside xxxx 255.255.255.248
ip address inside 10.100.55.200 255.255.255.0
ip address pix/intf2 127.0.0.1 255.255.255.255
global (outside) 1 xxxx netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.100.55.207 10.100.55.207 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 xxxx 1
route inside 10.0.0.0 255.0.0.0 10.100.55.1 1


michael.leblanc Sat, 07/12/2008 - 08:24

Add "reverse-route" to your dynamic crypto map to facilitate a return path to the IPSec client.

It will inject a route into the routing table.

crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile VPNclient
 reverse-route
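
The check suggested in the reply above, as an added example that is not part of the original thread or any Cisco tool: a small Python audit that reports, for each dynamic crypto map entry in an IOS config, whether `reverse-route` is set and which interfaces the referencing crypto map is applied to. The sample config is constructed from the router config posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed from the thread's router config, IOS indentation restored.
SAMPLE_CONFIG = """\
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile VPNclient
!
crypto map clientmap 10 ipsec-isakmp dynamic dynmap discover
!
interface FastEthernet0/0
 crypto map clientmap
!
ip local pool ippool 192.168.1.5
"""

def stanzas(config):
    """Group an indented IOS config into {top-level line: [sub-commands]}."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue                      # skip blanks and separators
        if raw[0].isspace():
            if current is not None:
                out[current].append(raw.strip())
        else:
            current = raw.strip()
            out.setdefault(current, [])
    return out

def audit_reverse_route(config):
    """One finding per dynamic-map entry: reverse-route present? applied where?"""
    cfg = stanzas(config)
    findings = []
    for head, body in cfg.items():
        m = re.fullmatch(r"crypto dynamic-map (\S+) (\d+)", head)
        if not m:
            continue
        dyn, seq = m.group(1), m.group(2)
        ref = rf"crypto map \S+ \d+ ipsec-isakmp dynamic {re.escape(dyn)}( .*)?"
        # Names of crypto maps that pull in this dynamic map.
        maps = {h.split()[2] for h in cfg if re.fullmatch(ref, h)}
        ifaces = [h.split()[1] for h, b in cfg.items() if h.startswith("interface ")
                  and any(c == f"crypto map {n}" for c in b for n in maps)]
        findings.append({"entry": f"{dyn} {seq}",
                         "reverse_route": any(c.split()[0] == "reverse-route" for c in body),
                         "interfaces": ifaces})
    return findings

if __name__ == "__main__":
    for f in audit_reverse_route(SAMPLE_CONFIG):
        print(f)
```
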

szajihsaniatan Sat, 07/12/2008 - 13:19

I added that, but no luck...should I allow that in the PIX since it sees it from the outside interface?
