Solved: Problems with Easy VPN Server.

julios · ‎08-30-2009

Hi.

I configured a C2811 as Easy VPN Server. I made successfull VPN connections but i can't ping internal networks.

I read on this forum some issues related to NAT. I took in account all of theme, but i still can't ping internal servers.

I saw statistics on VPN Client and the decrypted bytes counter ever is "0".

I attached configuration.

Thanks in advanced.

slmansfield · ‎08-31-2009

Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.

HTH

View solution in original post

slmansfield · ‎08-31-2009

Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.

HTH

julios · ‎08-31-2009

Thanks for your message.

I verified routing and I guess is fine. But i can't ping nothing, for example a directly connected interface like Fa0/0 on 2811.

I really concerned about why i didn't see decrypted packets. I think because we dont have return traffic.

julios · ‎09-01-2009

Hi and Thanks a lot.

You resolved my problem. Let me show you.

I eliminated RRI (Reverse Route Injection) for my VPN group and add a explicit route like that:

ip route 10.20.X.X 255.X.X.X Loopback 0

A route that points to crypto map applied interface and that's all. 10.20.X.X is VPN pool network.

slmansfield · ‎09-01-2009

That's great! Thanks for the rating.