Site-to-site VPN on Cisco IOS - 2900 series

Jan 16th, 2013

Hi everyone,

I am facing a very big problem with site-to-site VPN on Cisco 2900 IOS.

I configured the VPN, and when I ping from the router itself to the destination IP with the LAN interface as source, the VPN works, no problem.

But when I connect any computer directly to the router's LAN interface to initiate traffic, it does not work at all, and on the computer's LAN I see a yellow sign.

MTU is 1500, speed is auto (I tried changing it also), duplex is auto (I tried changing it also). Though the firewall on the PC should not affect this, I still disabled it.

Since there is no problem with the VPN config, as the VPN comes up when I initiate a ping from the router itself, I don't know why it is not working from the LAN.

Do we need any inspect icmp on this router also? Or is any policy modification required to pass traffic across the interface on the router?

I was using c2900k9-15.0(M4).bin and I upgraded it to 15.3, which is the latest, to get rid of any bug.

Lastly, I connected two laptops directly to the router's gi0/0 and g0/1 interfaces to ping from one laptop to another, but this also did not work.

Any help is highly appreciated.

Rudy Sanjoko Wed, 01/16/2013 - 08:50

You will need to configure that LAN network as interesting traffic for the VPN; you can use the access list for this. What is the scenario for those two laptops? Are they on the same subnet? Different subnet? Have you configured the default gateway? Have you configured any static routes?

Riyasat Ali Wed, 01/16/2013 - 08:55

Yes, the LAN network is configured as interesting, and whatever IP I put on the router's LAN interface from that subnet and initiate the traffic to the other site, the VPN works. But when I put the same on any computer in the LAN, it does not.

now,  present :-

laptop A( B

Laptop A is not able to ping laptop B. When I do "debug ip icmp" and initiate traffic from laptop A, I do not see anything; however, when I initiate a ping from the router ("ping source g0/1") it works and I see debugs.

Andrew Phirsov Wed, 01/16/2013 - 08:52

You have to use crossover cable if you connect PC directly to the router. Have you tried to ping router lan interface from PC connecting to it?

Andrew Phirsov Wed, 01/16/2013 - 21:17

If each laptop can ping the corresponding router interface, and the gateways of those laptops are set to be those interfaces' IPs, everything should work fine.

Rudy Sanjoko Thu, 01/17/2013 - 02:27

As Andrew said above, normally everything should work just fine, but if it's still not working even after you set the default gateways, then perhaps IP routing is disabled on the router. Can you verify that IP routing is enabled on the router? You can enable it with the ip routing command if it's disabled; it should be enabled by default, though.
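
Added example, not part of any post in this thread: a Python check of a saved running-config for the two conditions raised in the replies, namely that IP routing has not been disabled and that the LAN interface's subnet is a source in the access list the crypto map matches. The sample config, its addresses and the names `VPNMAP`, `audit` and `wildcard_net` are constructed for illustration; the parser assumes numbered ACLs in plain address/wildcard form with contiguous wildcards.

```python
import ipaddress
import re

# Constructed sample config: every name and address below is made up.
SAMPLE_CONFIG = """\
no ip routing
!
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.0
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 match address 110
!
access-list 110 permit ip 192.168.20.0 0.0.0.255 10.50.0.0 0.0.0.255
"""

def wildcard_net(addr, wildcard):
    """Convert an IOS 'address wildcard' pair to an ip_network."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, lan_if):
    """Return a list of findings for the LAN interface named lan_if."""
    findings = []
    # Routing is on by default; assumed to appear only in negated form.
    if re.search(r"^no ip routing\s*$", config, re.M):
        findings.append("ip routing is disabled")
    # Source networks of numbered ACLs referenced by a crypto map entry.
    acl_ids = set(re.findall(r"^\s*match address (\S+)", config, re.M))
    sources = [
        wildcard_net(addr, wc)
        for acl, addr, wc in re.findall(
            r"^access-list (\S+) permit ip (\d[\d.]+) (\d[\d.]+) ", config, re.M)
        if acl in acl_ids
    ]
    # Address of the LAN interface, taken from its indented config block.
    m = re.search(
        rf"^interface {re.escape(lan_if)}\n(?:[ \t].*\n)*?[ \t]+ip address (\S+) (\S+)",
        config, re.M)
    if m is None:
        findings.append(f"{lan_if} has no ip address")
        return findings
    lan = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    if not any(lan.subnet_of(src) for src in sources):
        findings.append(f"{lan_if} subnet {lan} is not a crypto ACL source")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "GigabitEthernet0/1"):
        print(finding)
```

An empty result means neither condition explains the failure, and the laptops' gateway settings and cabling mentioned in the replies are the next things to check.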


Posted January 16, 2013 at 8:41 AM