06-02-2010 05:23 AM
Hi,
I have a DSL 877 router and a UC520 connected to each other, and I have an outside PC with Cisco VPN Client and Cisco IP Communicator installed on it. I want to make IP Communicator work with the UC520. The problem is that I have already configured the VPN on the router and it is working, but I cannot ping the UC520.
I have attached the Visio layout showing the connection, and the configuration.
06-02-2010 05:46 AM
As per your topology, your voice subnet (10.1.1.0/24) is currently the same as your VPN IP pool subnet (10.1.1.x). You would need to change the VPN IP pool subnet to a unique subnet so routing will work.
Further to that, you would also need to change the following ACL 1 assigned to your NAT:
ip nat inside source list 1 interface Dialer0 overload
Currently ACL 1 (standard ACL):
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
Should be changed to ACL 150 (extended ACL):
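! <new-vpn-pool-subnet> <wildcard> is a placeholder for the destination: the new VPN IP pool subnet
access-list 150 deny ip 10.10.10.0 0.0.0.255 <new-vpn-pool-subnet> <wildcard>
access-list 150 deny ip 10.10.11.0 0.0.0.255 <new-vpn-pool-subnet> <wildcard>
access-list 150 deny ip 10.1.1.0 0.0.0.255 <new-vpn-pool-subnet> <wildcard>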
access-list 150 permit ip 10.10.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.11.0 0.0.0.255 any
Hope that helps.
06-02-2010 06:28 AM
Hi,
Thank you for the reply. I changed it as you told me and it is working, but now the IP Communicator keeps showing registering and has not taken an extension. Any idea?
06-02-2010 06:32 AM
Please also make sure that the UC520 default route is the 877 router, or alternatively the UC520 needs to have a route for the new IP pool subnet pointing towards the 877 router (10.10.10.1).
Also, I assume that you have removed "ip nat inside source list 1 interface Dialer0 overload", and replaced it with "ip nat inside source list 150 interface Dialer0 overload".
Please share the latest config of 877 and UC520. Thx.
06-02-2010 06:55 AM
I already replaced "ip nat inside source list 1 interface Dialer0 overload" with "ip nat inside source list 150 interface Dialer0 overload", and I added one command on the 877 router for the new subnet, "ip route 172.16.1.0 0.0.0.255 10.10.10.10", and on the UC520 there is the IP default route "0.0.0.0 0.0.0.0 10.10.10.1".
06-03-2010 04:26 AM
Please remove the following from the 877 router:
ip route 172.16.1.0 255.255.255.0 10.10.10.10
Your UC520 also has a NAT configuration that needs to be changed:
ip nat inside source list 1 interface FastEthernet0/0 overload
--> ACL 1, should be changed to ACL 150 as follows:
access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255
access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any
ip nat inside source list 150 interface FastEthernet0/0 overload
no ip nat inside source list 1 interface FastEthernet0/0 overload
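A way to check offline which flows a NAT ACL would translate, as an added example (not part of the thread and not Cisco tooling): a small Python model of first-match ACL evaluation with wildcard masks, fed the 877's ACL 1 and the UC520's ACL 150 from the posts above. It handles only the entry forms that appear in this thread; the host addresses and the 198.51.100.7 Internet destination are constructed test values.

```python
import ipaddress

def _match(addr, net, wildcard):
    """Cisco wildcard match: bits set in the wildcard are "don't care"."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(net)) & care)

def parse_acl(text):
    """Parse 'access-list N permit|deny [ip] src wc [dst wc | any]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]            # drop 'access-list <number>'
        action, rest = tok[0], tok[1:]
        if rest[0] == "ip":               # extended ACL form
            rest = rest[1:]
        src, rest = (rest[0], rest[1]), rest[2:]
        # A standard ACL has no destination field, so it matches every destination.
        if not rest or rest[0] == "any":
            dst = ("0.0.0.0", "255.255.255.255")
        else:
            dst = (rest[0], rest[1])
        rules.append((action, src, dst))
    return rules

def is_natted(rules, src, dst):
    """First matching entry wins; no match hits the implicit deny (no translation)."""
    for action, s, d in rules:
        if _match(src, *s) and _match(dst, *d):
            return action == "permit"
    return False

# ACL text copied from the thread.
ACL_1_877 = parse_acl("""
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
""")
ACL_150_UC520 = parse_acl("""
access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255
access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any
""")

if __name__ == "__main__":
    # Constructed flows: voice phone to VPN client, then voice phone to the Internet.
    print(is_natted(ACL_150_UC520, "10.1.1.20", "172.16.1.5"))
    print(is_natted(ACL_150_UC520, "10.1.1.20", "198.51.100.7"))
```

The standard ACL 1 translates every flow from its source subnets, including replies to VPN clients, which is why the deny entries for the VPN pool have to come before the permit entries in ACL 150.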
06-03-2010 05:46 AM
It is working now. Thank you very, very much for your help, you are the best.
Regards.