
VPN Client connected but no ping nor access to privat network

ezy
Level 1

Hi,

I have a 1802w installed, a VPN client which can connect to the router and a connected L2L connection, which works fine.

On the router I see that the client is connected, but no traffic is passing. In sh crypto ipsec, I see that traffic is decrypted, but no packets are encrypted.

Can anybody point me in the right direction? Attached I have the confs and debugs. Thanks for help in advance.

Erich

Accepted Solution

ajagadee
Cisco Employee

Erich,

Looking at your configuration, a couple of things:

1. Is this the current running configuration? I see your L2L tunnel is configured with a match address of 101, but I do not see an ACL 101 defined on the router.

2. Your split tunnel needs to be reconfigured. Meaning, the source and destination need to be swapped.

ip access-list extended SplitList
 permit ip 192.168.2.0 0.0.0.255 192.168.111.0 0.0.0.255

Split Tunneling

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml#con4

Also, make sure the pool of IP addresses that you are assigning to the clients is not part of a LAN on your side. If so, then you could run into routing issues.

Regards,

Arul

** Please rate all helpful posts **
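
An added example, not part of the thread and not Cisco tooling: a Python check that audits an IOS config for the three points in the answer above (undefined crypto-map ACL, reversed split-tunnel ACL, client pool overlapping a LAN). The config is constructed, not the poster's attachment; it assumes 192.168.2.0/24 is the LAN and 192.168.111.0/24 the client pool, and the group, pool and crypto map names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, not the poster's attached config. Assumption: 192.168.2.0/24
# is the LAN behind the router and 192.168.111.0/24 is the VPN client pool.
SAMPLE = """\
crypto isakmp client configuration group vpnclients
 pool vpnpool
 acl SplitList
crypto map cm 10 ipsec-isakmp
 match address 101
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
ip local pool vpnpool 192.168.111.1 192.168.111.50
ip access-list extended SplitList
 permit ip 192.168.111.0 0.0.0.255 192.168.2.0 0.0.0.255
"""

def wildcard_net(addr, wildcard):
    """Convert an IOS address + wildcard (inverse) mask into an ip_network."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return a list of findings for the three issues raised in the answer."""
    findings = []
    defined = set(re.findall(r"^ip access-list extended (\S+)", config, re.M))
    defined |= set(re.findall(r"^access-list (\d+) ", config, re.M))
    for acl in re.findall(r"^ match address (\S+)", config, re.M):
        if acl not in defined:
            findings.append(f"crypto map matches undefined ACL {acl}")
    pool = []  # client pool ranges, expanded into networks
    for lo, hi in re.findall(r"^ip local pool \S+ (\S+) (\S+)", config, re.M):
        pool += ipaddress.summarize_address_range(
            ipaddress.ip_address(lo), ipaddress.ip_address(hi))
    lans = [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in re.findall(r"^ ip address (\d\S*) (\d\S*)", config, re.M)]
    for p in pool:
        findings += [f"client pool {p} overlaps LAN {n}" for n in lans if p.overlaps(n)]
    for name in re.findall(r"^ acl (\S+)", config, re.M):
        body = re.search(rf"^ip access-list extended {re.escape(name)}\n((?: .*\n?)*)",
                         config, re.M)
        # Only "address wildcard" sources are checked; "any"/"host" are skipped.
        for src, wc in re.findall(r"permit ip (\d\S*) (\d\S*)", body.group(1) if body else ""):
            if any(wildcard_net(src, wc).overlaps(p) for p in pool):
                findings.append(f"split-tunnel ACL {name}: source {src} is the client pool")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

With the `permit` line swapped to the form given in the answer and an ACL 101 defined, `audit` returns an empty list.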


4 Replies

ajagadee
Cisco Employee

Hello Erich,

Can you attach the configuration and debugs? I don't see it attached to the post.

Regards,

Arul

Hi,

attached the debugs and confs.

Erich

Hi Arul,

thanks a lot. It was the split tunnel, I mixed it somehow.

Regards

Erich