Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
265
Views
0
Helpful
2
Replies

vpn established on router but cant hit inside

mrSS
Level 1
Level 1

‎07-12-2008 07:10 AM - edited ‎03-06-2019 12:09 AM

hello guys,

another situation....

3725 router --- pix v5.1 --- 4507 ---

i successfully established a remote access vpn to the 3725 router...but i am unable to ping any devices from my laptop nor can i ping my device from the pix...

any thoughts...

thanks in advance...

here are my configs for the router and pix

Lab_rtr#

!

!

aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

ip subnet-zero

!

ip cef

ip audit notify log

ip audit po max-events 100

no ip domain lookup

ip ssh break-string

no ftp-server write-enable

!

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp xauth timeout 60

!

crypto isakmp client configuration group 3000client

key cisco123

pool ippool

crypto isakmp profile VPNclient

description VPN Clients Profile

match identity group 3000client

client authentication list userauthen

isakmp authorization list groupauthor

client configuration address respond

!

crypto ipsec transform-set myset esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set myset

set isakmp-profile VPNclient

!

crypto map clientmap 10 ipsec-isakmp dynamic dynmap discover

!

!

interface FastEthernet0/0

ip address xxxxx 255.255.255.248

speed 100

half-duplex

crypto map clientmap

!

interface Serial0/0

bandwidth 512

no ip address

encapsulation frame-relay IETF

no fair-queue

service-module t1 timeslots 1-8

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

ip address xxxxx

frame-relay interface-dlci 532

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip local pool ippool 192.168.1.5

ip route 0.0.0.0 0.0.0.0 Serial0/0.1

________________________________________________________________

PIX

PIX Version 5.1(4)

access-list 101 permit ip 10.100.55.0 255.255.255.0 host 192.168.1.5

ip address outside xxxx 255.255.255.248

ip address inside 10.100.55.200 255.255.255.0

ip address pix/intf2 127.0.0.1 255.255.255.255

global (outside) 1 xxxx netmask 255.255.255.248

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 10.100.55.207 10.100.55.207 netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 xxxx 1

route inside 10.0.0.0 255.0.0.0 10.100.55.1 1

Labels:
0 Helpful
2 Replies 2

michael.leblanc
Level 4
Level 4

‎07-12-2008 08:24 AM

Add "reverse-route" to your dynamic crypto map to facilitate a return path to the IPSec client.

It will inject a route into the routing table.

crypto dynamic-map dynmap 10

set transform-set myset

set isakmp-profile VPNclient

reverse-route

0 Helpful

mrSS
Level 1
Level 1
In response to michael.leblanc

‎07-12-2008 01:19 PM

i added that, but no luck...should i allow that in the pix since it sees it from the outside interface?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card