Problems with Easy VPN Server.

Answered Question
Aug 30th, 2009
User Badges:

Hi.


I configured a C2811 as Easy VPN Server. I made successfull VPN connections but i can't ping internal networks.


I read on this forum some issues related to NAT. I took in account all of theme, but i still can't ping internal servers.


I saw statistics on VPN Client and the decrypted bytes counter ever is "0".


I attached configuration.


Thanks in advanced.



Attachment: 
Correct Answer by slmansfield about 7 years 10 months ago

Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.


HTH

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
slmansfield Mon, 08/31/2009 - 07:58
User Badges:
  • Silver, 250 points or more

Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.


HTH

julios Mon, 08/31/2009 - 12:04
User Badges:

Thanks for your message.


I verified routing and I guess is fine. But i can't ping nothing, for example a directly connected interface like Fa0/0 on 2811.


I really concerned about why i didn't see decrypted packets. I think because we dont have return traffic.



julios Tue, 09/01/2009 - 04:47
User Badges:

Hi and Thanks a lot.


You resolved my problem. Let me show you.


I eliminated RRI (Reverse Route Injection) for my VPN group and add a explicit route like that:


ip route 10.20.X.X 255.X.X.X Loopback 0


A route that points to crypto map applied interface and that's all. 10.20.X.X is VPN pool network.



slmansfield Tue, 09/01/2009 - 05:15
User Badges:
  • Silver, 250 points or more

That's great! Thanks for the rating.


Actions

This Discussion