VPN Client connected but no ping nor access to private network

ezy
Level 1

Hi,

I have a 1802w installed, a VPN client which can connect to the router and a connected L2L connection, which works fine.

On the router I see that the client is connected, but no traffic is passing. In sh crypto ipsec, I see that traffic is decrypted, but no packets are encrypted.

Can anybody point me in the right direction? Attached I have the confs and debugs. Thanks for help in advance.

Erich

Accepted Solutions

ajagadee
Cisco Employee

Erich,

Looking at your configuration, a couple of things:

1. Is this the current running configuration? I see your L2L Tunnel is configured with a match address of 101 but I do not see an ACL 101 defined on the router.

2. Your Split Tunnel needs to be reconfigured. Meaning, the source and destination need to be swapped.

ip access-list extended SplitList
 permit ip 192.168.2.0 0.0.0.255 192.168.111.0 0.0.0.255

Split Tunneling

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml#con4

Also, the pool of IP Addresses that you are assigning to the clients, make sure they are not part of a LAN on your side. If so, then you could run into routing issues.

Regards,

Arul

** Please rate all helpful posts **
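
The two checks from the answer above (split-tunnel ACL direction, and the client pool not sitting inside a local LAN), as an added example that is not part of the original post or of the poster's attached configuration. The sample config, the pool name `VPNPOOL`, the `Vlan1` interface and the reading of 192.168.2.0/24 as the router LAN and 192.168.111.x as the client pool are assumptions; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, not the poster's attached config (which is not on the page).
# Assumption: 192.168.2.0/24 is the LAN behind the router, 192.168.111.x the client pool.
REVERSED = """\
ip local pool VPNPOOL 192.168.111.10 192.168.111.50
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
ip access-list extended SplitList
 permit ip 192.168.111.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
# Same config with the entry from the accepted answer.
FIXED = REVERSED.replace("192.168.111.0 0.0.0.255 192.168.2.0 0.0.0.255",
                         "192.168.2.0 0.0.0.255 192.168.111.0 0.0.0.255")


def wildcard_net(addr, wildcard):
    """Convert an IOS address/wildcard pair to a network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit(config, acl_name="SplitList"):
    """Return findings for a reversed split-tunnel ACL and a pool inside a LAN."""
    findings = []
    start, end = re.search(r"^ip local pool \S+ (\S+) (\S+)", config, re.M).groups()
    pool = [ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)]
    lans = [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in re.findall(r"^ ip address (\S+) (\S+)", config, re.M)]
    body = re.search(rf"^ip access-list extended {re.escape(acl_name)}\n((?: .*\n?)+)",
                     config, re.M).group(1)
    # Only "permit ip <addr> <wildcard> <addr> <wildcard>" entries are examined.
    for src, swc, _dst, _dwc in re.findall(r"permit ip (\S+) (\S+) (\S+) (\S+)", body):
        source = wildcard_net(src, swc)
        if any(p in source for p in pool):
            findings.append(f"{acl_name}: source {source} covers the client pool; "
                            "swap source and destination")
    for lan in lans:
        if any(p in lan for p in pool):
            findings.append(f"pool {start}-{end} overlaps LAN {lan}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("reversed", REVERSED), ("fixed", FIXED)):
        print(name, audit(cfg) or "no findings")
```
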


4 Replies

ajagadee
Cisco Employee

Hello Erich,

Can you attach the configuration and debugs? I don't see it attached to the post.

Regards,

Arul

Hi,

attached the debugs and confs.

Erich

Hi Arul,

thanks a lot. It was the split tunnel, I mixed it somehow.

Regards

Erich
