problem with EZvpn

Answered Question
Apr 19th, 2010

Hi

I'm trying to set up an EzVPN server that will allow users to connect remotely via the internet through my 2820 router.

The client can connect successfully; however, it can only reach the router and not devices within the router subnet.

crypto isakmp policy 100
encr aes
hash md5
authentication pre-share
group 2

crypto isakmp keepalive 20 10
!
crypto isakmp client configuration group easyvpn
key easyvpn
pool easyvpn
acl easyvpn
save-password
max-users 9
netmask 255.255.255.0
!
!
crypto ipsec transform-set dmvpn esp-aes esp-md5-hmac
!
crypto ipsec profile dmvpn
set transform-set dmvpn
!
!
crypto dynamic-map easyvpn 10
set transform-set dmvpn
reverse-route
!
!
crypto map easyvpn client authentication list easyvpn
crypto map easyvpn isakmp authorization list easyvpn
crypto map easyvpn client configuration address respond
crypto map easyvpn 100 ipsec-isakmp dynamic easyvpn

interface GigabitEthernet0/0
description DSL interface
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description internal interface
ip address 100.0.0.1 255.255.255.0
ip nat inside

!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map easyvpn

ip local pool easyvpn 70.0.0.1 70.0.0.100
!

ip access-list extended easyvpn
permit ip 100.0.0.0 0.0.0.255 70.0.0.0 0.0.0.255

Please be notified that I can only reach the private address of the router, not the connected devices.

Thanks

Correct Answer
Jennifer Halim Mon, 04/19/2010 - 03:19

Please make sure that NAT exemption is configured (you would need to deny traffic from your internal subnets towards the ip pool subnet so it doesn't get NATed).
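
The NAT exemption described in the answer above, sketched as an added example that is not part of the original thread or the poster's configuration. It assumes the router does PAT (overload) on Dialer1 for the inside LAN, which the posted config does not show; the ACL name NAT-RULE is hypothetical, and the subnets are taken from the posted config.

```cisco
! Constructed example. Assumed: PAT (overload) on Dialer1 for the inside LAN
! 100.0.0.0/24. The ACL name NAT-RULE is hypothetical.
!
! Before: every inside source is translated, including replies to VPN
! clients. NAT runs before crypto on the way out, so the translated packet
! no longer matches the tunnel's 100.0.0.0/24 -> 70.0.0.0/24 selectors.
!   ip access-list extended NAT-RULE
!    permit ip 100.0.0.0 0.0.0.255 any
!
! After: exempt LAN -> VPN pool first, then translate everything else.
ip access-list extended NAT-RULE
 deny   ip 100.0.0.0 0.0.0.255 70.0.0.0 0.0.0.255
 permit ip 100.0.0.0 0.0.0.255 any
!
ip nat inside source list NAT-RULE interface Dialer1 overload
!
! Verify from exec mode with a client connected:
!   clear ip nat translation *    (flush stale entries after the change)
!   show ip nat translations      (no entries toward 70.0.0.x)
!   show crypto ipsec sa          (encaps and decaps counters both increase)
```

The router's own address 100.0.0.1 stays reachable without the exemption because traffic the router originates does not cross the NAT inside interface, which matches the symptom in the question.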

stevjarbeck Mon, 04/19/2010 - 10:34

If you get a chance would you please post your scrubbed config so I can see the changes you made to resolve the NAT problem.

Thanks,

Steve
