Cisco 871 Multi VLAN Routing Issue?

Unanswered Question
Sep 26th, 2008

In setting up an 871 with an EZVPN connection back to an ASA 5520, I have set up VLAN 1 for corporate traffic and VLAN 2 for home traffic. The ports that are members of VLAN 1 can access corporate resources along with accessing internet resources (split tunneling). From the member ports of VLAN 2 I am not able to access the internet or obtain a NAT translation. This being issue one. Not sure if this is related or not, but in adding a default route with "ip route 0.0.0.0 0.0.0.0 fast ethernet 4" all routing on the inside is cut off from the outside.


The main question is: Is there a different way the 871 is using by default to handle how the VLANs are passing the traffic to the outside, and is there an easy way to set it up?


The configuration is as follows:



version 12.4
crypto ipsec client ezvpn CorpEZVPN
 connect auto
 group CorpEZVPN key supersecretpassword
 mode network-extension
 peer x.x.x.x
 username CorpEZVPN password supersecure
 xauth userid mode local
!
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.31.0.17
ip dhcp excluded-address 10.231.0.1
!
ip dhcp pool corpCLIENT
 network 10.31.0.16 255.255.255.240
 dns-server 12.17.10.11 12.17.10.16 72.21.224.3
 domain-name corp.com
 default-router 10.31.0.17
 option 150 ip 172.17.12.25
 lease 0 2
!
ip dhcp pool HomeCLIENT
 network 10.231.0.16 255.255.255.240
 dns-server 72.21.224.3 72.21.224.93
 default-router 10.231.0.17
 lease 0 2
!
!
ip cef
no ip bootp server
!
no ipv6 cef
!
username corp password somepassword
archive
 log config
  hidekeys
!
interface FastEthernet0
 description <-- Corp Port 1 -->
 load-interval 30
 auto qos voip trust
 no cdp enable
 service-policy output AutoQoS-Policy-Trust
 hold-queue 100 out
!
interface FastEthernet1
 description <-- Corp Port 2 -->
 auto qos voip trust
 no cdp enable
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet2
 description <-- Home Port 1 -->
 switchport access vlan 10
 no cdp enable
!
interface FastEthernet3
 description <-- Home Port 2 -->
 switchport access vlan 10
 no cdp enable
!
interface FastEthernet4
 description Outside Interface (Internet)
 bandwidth 512
 ip address dhcp
 no ip redirects
 no ip unreachables
 ip mtu 1200
 ip nat outside
 ip inspect Soho_Out in
 ip inspect Soho_In out
 ip virtual-reassembly
 ip tcp adjust-mss 542
 load-interval 30
 duplex auto
 speed auto
 auto qos voip trust
 no cdp enable
 crypto ipsec client ezvpn corpEZVPN
 service-policy output AutoQoS-Policy-Trust
!
interface Vlan1
 description CORP LAN
 ip address 10.31.0.17 255.255.255.240
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 542
 crypto ipsec client ezvpn corpezvpn inside
!
interface Vlan10
 description Home LAN
 ip address 10.231.0.17 255.255.255.240
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 542
!
ip forward-protocol nd
!
!
ip dns server view-group ezvpn-internal-viewlist
ip nat inside source route-map CorpEZVPN-rm interface FastEthernet4 overload
!
ip sla logging traps
access-list 10 deny 10.231.0.16 0.0.0.15
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 172.16.0.0 0.15.255.255
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 120 deny ip 10.31.0.16 0.0.0.16 10.0.0.0 0.255.255.255
access-list 120 deny ip 10.31.0.16 0.0.0.16 172.16.0.0 0.15.255.255
access-list 120 deny ip 10.31.0.16 0.0.0.16 192.168.0.0 0.0.255.255
access-list 120 permit ip 10.31.0.16 0.0.0.16 any
access-list 120 permit ip 10.231.0.16 0.0.0.16 any
access-list 121 permit ip 10.0.0.0 0.255.255.255 any
access-list 121 permit ip 172.16.0.0 0.15.255.255 any
access-list 121 permit ip 192.168.0.0 0.0.255.255 any
no cdp run
!
!
!
route-map CorpEZVPN-rm permit 1
 match ip address 120
!
!
control-plane
!
!
line con 0
 exec-timeout 15 0
 no modem enable
line aux 0
webvpn cef
end

