IP communicator with VPN

kingofshadows86
Level 1

Hi,

I have a DSL 877 router and a UC520 connected to each other, and I have an outside PC with Cisco VPN Client and Cisco IP Communicator installed on it. I want to make IP Communicator work with the UC520. The problem is that I have already configured the VPN on the router and it is working, but I cannot ping the UC520.

I have attached the Visio layout showing the connection, and the configuration.


Jennifer Halim
Cisco Employee

As per your topology, your voice subnet (10.1.1.0/24) is currently the same as your VPN IP pool subnet (10.1.1.x). You would need to change the VPN IP pool subnet to a unique subnet so routing will work.

Further to that, you would also need to change the following ACL 1 assigned to your NAT:

ip nat inside source list 1 interface Dialer0 overload

Currently ACL 1 (standard ACL):

access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255

Should be changed to ACL 150 (extended ACL):

access-list 150 deny ip 10.10.10.0 0.0.0.255
access-list 150 deny ip 10.10.11.0 0.0.0.255
access-list 150 deny ip 10.1.1.0 0.0.0.255

access-list 150 permit ip 10.10.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.11.0 0.0.0.255 any

Hope that helps.

hi,

Thank you for the reply. I changed it as you told me and it is working, but now the IP Communicator keeps showing register not taken extension. Any idea?

Please also make sure that the UC520 default route is the 877 router, or alternatively the UC520 needs to have a route for the new IP pool subnet pointing towards the 877 router (10.10.10.1).

Also, I assume that you have removed "ip nat inside source list 1 interface Dialer0 overload", and replaced it with "ip nat inside source list 150 interface Dialer0 overload".

Please share the latest config of 877 and UC520. Thx.

I already replaced "ip nat inside source list 1 interface Dialer0 overload" with "ip nat inside source list 150 interface Dialer0 overload", and I added one command on the 877 router for the new subnet, "ip route 172.16.1.0 0.0.0.255 10.10.10.10", and on the UC520 there is an IP default route, "0.0.0.0 0.0.0.0 10.10.10.1".

Pls remove the following from the 877 router:

ip route 172.16.1.0 255.255.255.0 10.10.10.10

Also, your UC520 has a NAT configuration that needs to be changed:

ip nat inside source list 1 interface FastEthernet0/0 overload

--> ACL 1, should be changed to ACL 150 as follows:

access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255

access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any


ip nat inside source list 150 interface FastEthernet0/0 overload

no ip nat inside source list 1 interface FastEthernet0/0 overload

It is working now, thank you very very much for your help you are the best.

regards.
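
An added example (not part of the original thread, and not Cisco code): a small Python model of how the UC520's ACL 150 from the accepted answer behaves as a NAT match list, showing that traffic towards the new subnet 172.16.1.0/24 is left untranslated while everything else from the inside subnets is still overloaded. The function names and sample flows are constructed for illustration, and the parser only handles the `ip` entries with wildcard, `host` or `any` operands used here.

```python
import ipaddress

# ACL 150 for the UC520, copied from the accepted answer above.
ACL_150 = """\
access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255
access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any
"""

def _matcher(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (match_fn, remaining tokens)."""
    if tokens[0] == "any":
        return (lambda ip: True), tokens[1:]
    if tokens[0] == "host":
        base, wild, rest = tokens[1], "0.0.0.0", tokens[2:]
    else:
        base, wild, rest = tokens[0], tokens[1], tokens[2:]
    base_i = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
    return (lambda ip: (int(ipaddress.IPv4Address(ip)) & care) == (base_i & care)), rest

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        src, rest = _matcher(tok[4:])
        dst, _ = _matcher(rest)
        rules.append((tok[2], src, dst))
    return rules

def nat_decision(rules, src_ip, dst_ip):
    """First match wins; a deny or no match (implicit deny) means no translation."""
    for action, src, dst in rules:
        if src(src_ip) and dst(dst_ip):
            return "translate" if action == "permit" else "no-nat"
    return "no-nat"

RULES = parse_acl(ACL_150)
if __name__ == "__main__":
    # Constructed sample flows: inside hosts to the 172.16.1.0/24 subnet and to an outside address.
    for s, d in [("10.1.1.1", "172.16.1.5"), ("10.1.1.1", "203.0.113.10"), ("10.1.10.2", "172.16.1.5")]:
        print(s, "->", d, nat_decision(RULES, s, d))
```

Because evaluation stops at the first match, the three deny lines must stay above the permits; placed below them, the `any` destinations would match first and replies to the VPN client would be translated again.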
