Cisco 1811 - configuration

Unanswered Question
Sep 29th, 2010

Hi,



I have configured my Cisco 1811 router (Lab environment) as follows:



VPN settings for remote clients

crypto isakmp client configuration group 3000client
 key XXXXXX
 dns 8.8.8.8
 domain cisco.local
 pool ippool
 acl 108

VLAN settings

interface FastEthernet7
 switchport access vlan 108
!
interface FastEthernet8
 switchport access vlan 100
!
interface FastEthernet9
 switchport access vlan 66
!
interface Vlan66
 ip address 192.168.7.252 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan100
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
interface Vlan108
 ip address 10.10.10.9 255.255.255.248
!

Split-tunnel ACL for VPN clients

access-list 108 permit ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255

NAT ACL for VPN and local VLANs

ip nat inside source route-map NONAT interface Dialer0 overload

access-list 112 deny   ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255
access-list 112 deny   ip 192.168.7.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 112 permit ip 10.10.10.0 0.0.0.7 any

route-map NONAT permit 10
 match ip address 112


I understand 10.10.10.7 is the broadcast address of Vlan100.

When I connect a VPN client and ping the remote VLAN 10.10.10.1 and then ping 10.10.10.7, the output is as follows:


Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=50ms TTL=255


Pinging 10.10.10.7 with 32 bytes of data:
Reply from 85.176.X.X: bytes=32 time=55ms TTL=255


Question #1: I understand ACL 112 does NAT for 10.10.10.1-6 but not 10.10.10.7. What should ACL 112 look like?

Question #2: Is it normal to get a reply when you ping a broadcast address at all?


Any help is appreciated!


Kind Regards,

Sebastian
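
Added example, not part of the original post: it evaluates ACL 112 as posted, using Cisco wildcard-mask matching and first-match order with the implicit deny, so the NAT decision of route-map NONAT can be checked for any source/destination pair. The function names are illustrative, and the client address 14.1.1.10 is constructed, since the post does not show the range of pool ippool.

```python
import ipaddress

# ACL 112 exactly as posted: (action, src, src_wildcard, dst, dst_wildcard)
ACL_112 = [
    ("deny",   "10.10.10.0",  "0.0.0.7",   "14.1.1.0", "0.0.0.255"),
    ("deny",   "192.168.7.0", "0.0.0.255", "14.1.1.0", "0.0.0.255"),
    ("permit", "10.10.10.0",  "0.0.0.7",   "any",      None),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are ignored."""
    if base == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for n, (action, s, sw, d, dw) in enumerate(acl, start=1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, n
    return "deny", None

def nat_decision(src, dst):
    """route-map NONAT permit 10 / match ip address 112: permit => translate."""
    action, _ = evaluate(ACL_112, src, dst)
    return "translate" if action == "permit" else "no-nat"

def subnet_broadcast(ip, mask):
    """Broadcast address of the subnet an interface address belongs to."""
    return str(ipaddress.IPv4Interface(f"{ip}/{mask}").network.broadcast_address)

if __name__ == "__main__":
    client = "14.1.1.10"  # constructed VPN client address (assumption)
    print("Vlan100 broadcast:", subnet_broadcast("10.10.10.1", "255.255.255.248"))
    for src in ("10.10.10.1", "10.10.10.6", "10.10.10.7", "10.10.10.9", "192.168.7.10"):
        for dst in (client, "8.8.8.8"):
            print(f"{src:>13} -> {dst:<10} {evaluate(ACL_112, src, dst)} "
                  f"{nat_decision(src, dst)}")
```

Under wildcard 0.0.0.7 the source 10.10.10.7 matches the same entries as 10.10.10.1 through 10.10.10.6, and sources in 192.168.7.0/24 reach no permit entry, so this route-map never selects them for translation.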
