IP communicator with VPN

Answered Question
Jun 2nd, 2010

Hi,

I have router DSL 877 and uc520 connecting to each other, and I have PC outside installed on it Cisco VPN client and Cisco ip communicator, I want to make IP communicator working with uc520, the problem is I have already configure the VPN on router and it is working, but I can not ping the uc520,

I have attached the Visio layout how is the connection, and the configuration.

I have this problem too.
0 votes
Correct Answer by Jennifer Halim about 6 years 6 months ago

Pls remove the following from the 877 router:

ip route 172.16.1.0 255.255.255.0 10.10.10.10

Also your UC520 also have the NAT configuration that needs to be changed:

ip nat inside source list 1 interface FastEthernet0/0 overload

--> ACL 1, should be changed to ACL 150 as follows:

access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255

access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any


ip nat inside source list 150 interface FastEthernet0/0 overload

no ip nat inside source list 1 interface FastEthernet0/0 overload

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
Jennifer Halim Wed, 06/02/2010 - 05:46

As per your topology, your voice subnet (10.1.1.0/24) is currently the same as your VPN IP pool subnet (10.1.1.x) . You would need to change the VPN IP Pool subnet to a unique subnet so routing will work.

Further to that, you would also need to change the following ACL 1 assigned to your NAT:

ip nat inside source list 1 interface Dialer0 overload

Currently ACL 1 (standard ACL):

access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255

Should be changed to ACL 150 (extended ACL):

access-list 150 deny ip 10.10.10.0 0.0.0.255

access-list 150 deny ip 10.10.11.0 0.0.0.255 

access-list 150 deny ip 10.1.1.0 0.0.0.255 

access-list 150 permit ip 10.10.10.0 0.0.0.255 any

access-list 150 permit ip 10.10.11.0 0.0.0.255 any

Hope that helps.

kingofshadows86 Wed, 06/02/2010 - 06:28

hi,

Thank you for reply. I change it as you tell me and it is working, but now we have the IP communicator keep shows register not taken extension. Any idea.

Jennifer Halim Wed, 06/02/2010 - 06:32

Please also make sure that UC520 default route is the 877 router, OR/ alternatively UC520 needs to have route for the new ip pool subnet to point

towards 877 router (10.10.10.1).

Also, I assume that you have removed "ip nat inside source list 1 interface Dialer0 overload", and replaced it with "ip nat inside source list 150 interface Dialer0 overload".

Please share the latest config of 877 and UC520. Thx.

kingofshadows86 Wed, 06/02/2010 - 06:55

I already replaced "ip nat inside source list 1 interface Dialer0 overload" to "ip nat inside source list 150interface Dialer0 overload" and I add one command on router 877 for new subnet "ip route 172.16.1.0 0.0.0.255 10.10.10.10" and on uc520 there is ip defualt route "0.0.0.0 0.0.0.0 10.10.10.1"

Correct Answer
Jennifer Halim Thu, 06/03/2010 - 04:26

Pls remove the following from the 877 router:

ip route 172.16.1.0 255.255.255.0 10.10.10.10

Also your UC520 also have the NAT configuration that needs to be changed:

ip nat inside source list 1 interface FastEthernet0/0 overload

--> ACL 1, should be changed to ACL 150 as follows:

access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255

access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any


ip nat inside source list 150 interface FastEthernet0/0 overload

no ip nat inside source list 1 interface FastEthernet0/0 overload

kingofshadows86 Thu, 06/03/2010 - 05:46

It is working now, thank you very very much for your help you are the best.

regards.

Actions

This Discussion