Routing problem for Cisco newbie

jaccorens
Level 1

Hello,

I'm fairly new to the Cisco IOS, and currently have a problem with a setup for an 877. This 877 is the default gateway for a network, and also has a LAN-to-LAN VPN that works to my home. The problem is that I can resolve and ping hosts on the internet from the 877 itself, but not from any host on its VLAN. I can also reach the 877 and the hosts on the VLAN from the LAN on the other side of the LAN-to-LAN VPN.

adsl#show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
80.0.0.0/32 is subnetted, 1 subnets
C 80.101.177.108 is directly connected, Dialer0
S 192.168.4.0/24 [1/0] via 192.168.6.1
S 192.168.5.0/24 [1/0] via 192.168.6.1
C 192.168.6.0/24 is directly connected, Vlan1
194.109.5.0/32 is subnetted, 1 subnets
C 194.109.5.213 is directly connected, Dialer0
S 192.168.7.0/24 [1/0] via 192.168.6.1
S 192.168.1.0/24 [1/0] via 192.168.6.1
S 192.168.2.0/24 [1/0] via 192.168.6.1
S* 0.0.0.0/0 is directly connected, Dialer0

3 Replies

Giuseppe Larosa
Hall of Fame

Hello Jacco,

From your config I see that the route-map SDM_RMAP_1 definition is missing.

Add:

route-map SDM_RMAP_1 permit 10
 match ip address 1

so the NAT will start to work and hosts in the LAN will be able to ping hosts on the internet.

It looks like you used SDM to create this config

Hope to help

Giuseppe

This helped indeed for the NAT part, but now the VPN tunnel doesn't work anymore. Indeed the set-up was done by SDM, since I'm not confident enough with the CLI yet, and got short learning time.

Hello Jacco,

You need to use an extended ACL and to deny traffic that will go on the VPN.

access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255

So traffic from 192.168.6.0/24 to 192.168.20.0/24 has to be denied when defining what to NAT:

access-list 161 deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 161 permit ip 192.168.6.0 0.0.0.255 any

route-map SDM_RMAP_1 permit 10
 match ip address 161

Hope to help

Giuseppe
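Why the tunnel broke once NAT started working, as an added example that is not part of any post in this thread: on the outbound path IOS applies inside-source NAT before it checks the crypto ACL, so a translated packet no longer matches ACL 100. The Python model below evaluates the ACL lines from the reply with first-match semantics; `PUBLIC_IP`, the `NO_EXEMPTION` variant and all function names are assumptions made for the illustration.

```python
import ipaddress

# ACL lines as given in the reply above.
FIXED = """\
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 161 deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 161 permit ip 192.168.6.0 0.0.0.255 any
"""
# Constructed counter-example: the same NAT ACL without its deny line.
NO_EXEMPTION = "access-list 161 permit ip 192.168.6.0 0.0.0.255 any\n"
PUBLIC_IP = "203.0.113.10"  # placeholder for the Dialer0 address (assumption)

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_acl(text, number):
    """Parse 'access-list N permit|deny ip SRC WC DST WC' lines ('any' allowed)."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if t[:2] != ["access-list", str(number)] or t[2] == "remark":
            continue
        spec, fields = t[4:], []
        while spec:
            if spec[0] == "any":
                fields += [0, 0xFFFFFFFF]
                spec = spec[1:]
            else:
                fields += [ip(spec[0]), ip(spec[1])]
                spec = spec[2:]
        entries.append((t[2], *fields))
    return entries

def _hit(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored when comparing addresses.
    return ((ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def first_match(acl, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, swc, d, dwc in acl:
        if _hit(src, s, swc) and _hit(dst, d, dwc):
            return action
    return "deny"

def egress(src, dst, nat_acl, crypto_acl):
    """Outbound order: inside-source NAT first, crypto ACL check second."""
    if first_match(nat_acl, src, dst) == "permit":
        src = PUBLIC_IP  # overload NAT rewrites the source address
    path = "tunnel" if first_match(crypto_acl, src, dst) == "permit" else "clear"
    return src, path
```

Calling `egress("192.168.6.10", "192.168.20.5", parse_acl(NO_EXEMPTION, 161), parse_acl(FIXED, 100))` shows the VPN-bound packet leaving translated and unencrypted, while the same call with `parse_acl(FIXED, 161)` keeps the private source and takes the tunnel.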
