Routing problem for Cisco newbie

Aug 11th, 2008

Hello,


I'm fairly new to the Cisco IOS, and currently have a problem with a setup for an 877. This 877 is the default gateway for a network, and also has a LAN-to-LAN VPN that works to my home. The problem is that I can resolve and ping hosts on the internet from the 877 itself, but not from any host on its VLAN. I can also reach the 877 and the hosts on the VLAN from the LAN on the other side of the LAN-to-LAN VPN.


adsl#show ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

80.0.0.0/32 is subnetted, 1 subnets
C 80.101.177.108 is directly connected, Dialer0
S 192.168.4.0/24 [1/0] via 192.168.6.1
S 192.168.5.0/24 [1/0] via 192.168.6.1
C 192.168.6.0/24 is directly connected, Vlan1
194.109.5.0/32 is subnetted, 1 subnets
C 194.109.5.213 is directly connected, Dialer0
S 192.168.7.0/24 [1/0] via 192.168.6.1
S 192.168.1.0/24 [1/0] via 192.168.6.1
S 192.168.2.0/24 [1/0] via 192.168.6.1
S* 0.0.0.0/0 is directly connected, Dialer0

Giuseppe Larosa Tue, 08/12/2008 - 00:44

Hello Jacco,

From your config I see that the definition of route-map SDM_RMAP_1 is missing.

Add:

route-map SDM_RMAP_1 permit 10
 match ip address 1

so the NAT will start to work and hosts in the LAN will be able to ping hosts on the internet.


It looks like you used SDM to create this config


Hope to help

Giuseppe


jaccorens Wed, 08/13/2008 - 10:18

This helped indeed for the NAT part, but now the VPN tunnel doesn't work anymore. Indeed the setup was done by SDM, since I'm not confident enough with the CLI yet, and have had little time to learn.

Giuseppe Larosa Wed, 08/13/2008 - 11:52

Hello Jacco,

You need to use an extended ACL and to deny traffic that will go over the VPN.

access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255

So traffic from 192.168.6.0/24 to 192.168.20.0/24 has to be denied when defining what to NAT:

access-list 161 deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 161 permit ip 192.168.6.0 0.0.0.255 any

route-map SDM_RMAP_1 permit 10
 match ip address 161


Hope to help

Giuseppe
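
Why the tunnel broke and why access-list 161 repairs it, as an added example that is not part of the thread: on IOS, inside-to-outside NAT is applied before the crypto map ACL is checked, so a NAT ACL that also matches VPN-bound traffic rewrites the source and the packet no longer matches access-list 100. The contents of access-list 1 are not shown in the thread and are assumed to match the LAN source only; the host addresses and the outside address are constructed.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip <src> <dst>' lines; remarks are skipped."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[2] not in ("permit", "deny") or tok[3] != "ip":
            continue
        rest, specs = tok[4:], []
        while rest:
            if rest[0] == "any":                  # 'any' = wildcard 255.255.255.255
                specs.append((0, 0xFFFFFFFF)); rest = rest[1:]
            else:                                 # <address> <wildcard mask>
                specs.append((ip(rest[0]), ip(rest[1]))); rest = rest[2:]
        rules.append((tok[2], specs[0], specs[1]))
    return rules

def matches(addr, spec):
    base, wild = spec                             # wildcard bits set = "don't care"
    return ((ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def acl_action(rules, src, dst):
    for action, s, d in rules:                    # first match wins
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"                                 # implicit deny at the end of every ACL

def egress(nat_rules, crypto_rules, src, dst, outside_ip):
    """Return (translated, path) for a packet leaving the LAN via the outside interface."""
    translated = acl_action(nat_rules, src, dst) == "permit"
    if translated:
        src = outside_ip                          # NAT rewrites the source before the crypto check
    protected = acl_action(crypto_rules, src, dst) == "permit"
    return translated, "tunnel" if protected else "internet"

CRYPTO = parse_acl("""access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255""")
NAT_161 = parse_acl("""access-list 161 deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 161 permit ip 192.168.6.0 0.0.0.255 any""")
# Assumption: ACL 1 matches the LAN source toward any destination (extended form for this parser).
NAT_SRC_ONLY = parse_acl("access-list 1 permit ip 192.168.6.0 0.0.0.255 any")
OUTSIDE = "203.0.113.10"                          # constructed outside address

if __name__ == "__main__":
    for name, nat in (("ACL 1 (assumed)", NAT_SRC_ONLY), ("ACL 161", NAT_161)):
        for dst in ("192.168.20.5", "198.51.100.7"):   # constructed remote-LAN and internet hosts
            print(name, dst, egress(nat, CRYPTO, "192.168.6.10", dst, OUTSIDE))
```

With the source-only NAT match, traffic for 192.168.20.0/24 is translated and sent toward the internet outside the tunnel; with access-list 161 it is left untranslated and matches the IPSec rule.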