Problems with Easy VPN Server.

Answered Question
Aug 30th, 2009

Hi.

I configured a C2811 as Easy VPN Server. I made successfull VPN connections but i can't ping internal networks.

I read on this forum some issues related to NAT. I took in account all of theme, but i still can't ping internal servers.

I saw statistics on VPN Client and the decrypted bytes counter ever is "0".

I attached configuration.

Thanks in advanced.

Attachment: 
I have this problem too.
0 votes
Correct Answer by slmansfield about 7 years 3 months ago

Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.

HTH

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
slmansfield Mon, 08/31/2009 - 07:58

Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.

HTH

julios Mon, 08/31/2009 - 12:04

Thanks for your message.

I verified routing and I guess is fine. But i can't ping nothing, for example a directly connected interface like Fa0/0 on 2811.

I really concerned about why i didn't see decrypted packets. I think because we dont have return traffic.

julios Tue, 09/01/2009 - 04:47

Hi and Thanks a lot.

You resolved my problem. Let me show you.

I eliminated RRI (Reverse Route Injection) for my VPN group and add a explicit route like that:

ip route 10.20.X.X 255.X.X.X Loopback 0

A route that points to crypto map applied interface and that's all. 10.20.X.X is VPN pool network.

Actions

This Discussion