VPN between Cisco 877 and Cisco Small Business SRP527W Up but unable to ping client.

craig.corbett · ‎09-06-2010

Hi,

I have an IP Sec VPN between a Cisco 877 and a Cisco Small Business SRP527W. We can ping the private IP of the remote router but nothing beyond them. E.g. we can ping the default gateway of the remote PC e.g. 192.168.0.1 but are unable to ping the PC on 192.168.0.3.

Any ideas / hints greatly appreciated.

Thanks,

Craig.

Nagaraja Thanthry · ‎09-06-2010

Hello,

Do you have NAT configured on the remote end? Have you excluded VPN traffic

from NAT rules?

Regards,

NT

craig.corbett · ‎09-06-2010

Hi, I didn’t configure the router but I have had a look and this is the VPN NAT config:

ip nat inside source route-map no-nat interface Dialer0 overload

access-list 120 remark SDM_ACL Category=18

access-list 120 remark IPSec Rule

access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.179.0 0.0.0.255

access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.175.0 0.0.0.255

access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.176.0 0.0.0.255

access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.177.0 0.0.0.255

access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.178.0 0.0.0.255

access-list 120 deny ip 172.27.27.0 0.0.0.31 192.178.179.0 0.0.0.255

access-list 120 permit ip 172.27.27.0 0.0.0.31 any

route-map no-nat permit 1

match ip address 120

match interface Dialer0

The hub subnet is

172.27.27.0

The following are the remote sites.

192.168.179.0

192.168.175.0

192.168.176.0

192.168.177.0

192.168.178.0

192.168.179.0

Before I make changes I'm sure the lines:

access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.xxx.0 0.0.0.255

need to be:

access-list 120 permit ip 172.27.27.0 0.0.0.31 192.168.xx.0 0.0.0.255

?