
Cisco VPN Client connects but can't access remote network on c1841

xinyer
Level 1

Hi Everyone, I followed some sample configs online and configured my c1841 router to accept VPN Client connections.

Now I'm able to connect the VPN Client to the router and able to ping the router's LAN IP address, but I couldn't get to any other computers on the remote network.

My VPN Client's address pool is 192.168.88.1 to 192.168.88.254, the remote site LAN IP is 10.88.88.0/24.

Router IP is 10.88.88.1

I turned on debug ip packet, I can see packets come in when I ping the router LAN IP 10.88.88.1, but when I try to ping another IP 10.88.88.5, there is nothing coming in.

The route print on VPN Client computer is correct, nothing wrong, static routes to the remote network are properly added. Trace route shows the first node is the router WAN IP, and the rest time out.

I've attached my conf file, please help me have a look. I've been trying for a few days, but still can't fix it.

Thanks in advance

2 Replies

xinyer
Level 1

router# sh crypto ipsec sa

interface: Dialer1

Crypto map tag: SDM_CMAP_1, local addr 116.15.132.166

protected vrf: (none)

local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

remote ident (addr/mask/prot/port): (192.168.88.5/255.255.255.255/0/0)

current_peer 58.185.121.38 port 4888

PERMIT, flags={}

#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4

#pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 47

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 116.x.132.166, remote crypto endpt.: 58.x.121.38

path mtu 1452, ip mtu 1452, ip mtu idb Dialer1

current outbound spi: 0xD281D3DD(3531723741)

inbound esp sas:

spi: 0x8809AE23(2282335779)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel UDP-Encaps, }

conn id: 3001, flow_id: FPGA:1, crypto map: SDM_CMAP_1

sa timing: remaining key lifetime (k/sec): (4392170/3248)

IV size: 8 bytes

replay detection support: Y

Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:

spi: 0xD281D3DD(3531723741)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel UDP-Encaps, }

conn id: 3002, flow_id: FPGA:2, crypto map: SDM_CMAP_1

sa timing: remaining key lifetime (k/sec): (4392178/3248)

IV size: 8 bytes

replay detection support: Y

Status: ACTIVE

outbound ah sas:

outbound pcp sas:

-==========================

Here is the strange part, my local ident is 0.0.0.0:

local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

I posted my original conf without hiding usernames and passwords, and someone is actually in my router.

Now here is my conf again, with all passwords hidden.
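An added example, not part of the original posts and not Cisco tooling: a small Python parser for the `sh crypto ipsec sa` counters quoted above, which reports when an SA carries traffic in only one direction (here 47 packets decapsulated against 4 encapsulated). The function names and the ratio and minimum-packet thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample: lines copied from the `sh crypto ipsec sa` output in the post above.
SAMPLE = """\
interface: Dialer1
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.88.5/255.255.255.255/0/0)
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 47
#send errors 0, #recv errors 0
"""

IDENT = re.compile(r"^\s*(local|remote) ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/")
COUNTER = re.compile(r"#pkts (encaps|decaps): (\d+)")
ERRORS = re.compile(r"#(send|recv) errors (\d+)")

def parse_sas(text):
    """Return one dict per SA pair (a new entry starts at each 'local ident' line)."""
    sas = []
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            if m.group(1) == "local":
                sas.append({"encaps": 0, "decaps": 0, "send_errors": 0, "recv_errors": 0})
            if sas:
                sas[-1][m.group(1)] = f"{m.group(2)}/{m.group(3)}"
            continue
        if not sas:
            continue
        for name, value in COUNTER.findall(line) + ERRORS.findall(line):
            key = name if name in ("encaps", "decaps") else f"{name}_errors"
            sas[-1][key] = int(value)
    return sas

def one_way(sa, ratio=5, min_pkts=10):
    """Heuristic (thresholds are assumptions): which direction is starved, if any."""
    enc, dec = sa["encaps"], sa["decaps"]
    if dec >= min_pkts and dec >= ratio * max(enc, 1):
        return "inbound-only"   # router decrypts client traffic, little goes back
    if enc >= min_pkts and enc >= ratio * max(dec, 1):
        return "outbound-only"  # router encrypts, little arrives from the peer
    return None

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa["local"], "<->", sa["remote"], sa["encaps"], sa["decaps"], one_way(sa))
```

Running the same check on output captured a few seconds apart during a ping shows which counter actually moves.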
