09-29-2010 06:16 AM - edited 03-06-2019 01:14 PM
Hi,
I have configured my Cisco 1811 router (Lab environment) as follows:
VPN settings for remote clients
crypto isakmp client configuration group 3000client
 key XXXXXX
 dns 8.8.8.8
 domain cisco.local
 pool ippool
 acl 108
VLAN settings
interface FastEthernet7
 switchport access vlan 108
!
interface FastEthernet8
 switchport access vlan 100
!
interface FastEthernet9
 switchport access vlan 66
!
interface Vlan66
 ip address 192.168.7.252 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan100
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
interface Vlan108
 ip address 10.10.10.9 255.255.255.248
!
Split-tunnel ACL for VPN clients
access-list 108 permit ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255
NAT ACL for VPN and local VLANs
ip nat inside source route-map NONAT interface Dialer0 overload
access-list 112 deny ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255
access-list 112 deny ip 192.168.7.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 112 permit ip 10.10.10.0 0.0.0.7 any
route-map NONAT permit 10
 match ip address 112
I understand 10.10.10.7 is the broadcast address of Vlan100.
When I connect a VPN client and ping the remote VLAN 10.10.10.1 and then ping 10.10.10.7, the output is as follows:
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=50ms TTL=255
Pinging 10.10.10.7 with 32 bytes of data:
Reply from 85.176.X.X: bytes=32 time=55ms TTL=255
Question #1: I understand ACL 112 does NAT for 10.10.10.1-6 but not 10.10.10.7. What should ACL 112 look like?
Question #2: Is it normal to get a reply when you ping a broadcast address at all?
Any help is appreciated!
Kind Regards,
Sebastian
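Added example, not part of the original post: a small Python evaluator for IOS wildcard-mask matching, run over ACL 112 as posted, to show which source/destination pairs each entry covers. In route-map NONAT a `permit` result means the flow is translated and a `deny` (including the implicit deny) means it is not; the addresses 14.1.1.10 (VPN client) and 8.8.8.8 (Internet host) are constructed sample flows.

```python
import ipaddress

# ACL 112 exactly as posted in the question above.
ACL_112 = """\
access-list 112 deny ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255
access-list 112 deny ip 192.168.7.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 112 permit ip 10.10.10.0 0.0.0.7 any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping their order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 6 and tokens[0] == "access-list" and tokens[3] == "ip":
            rest = tokens[4:]
            entries.append((tokens[2], _spec(rest), _spec(rest), line.strip()))
    return entries

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a 1 bit in the wildcard means "don't care"
    return (_ip(addr) & care) == (base & care)

def evaluate(entries, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src_spec, dst_spec, line in entries:
        if _hit(src, src_spec) and _hit(dst, dst_spec):
            return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_112)
    # Constructed flows: 14.1.1.10 stands in for a VPN client, 8.8.8.8 for the Internet.
    for src, dst in [("10.10.10.1", "14.1.1.10"), ("10.10.10.7", "14.1.1.10"),
                     ("10.10.10.7", "8.8.8.8"), ("10.10.10.9", "8.8.8.8"),
                     ("192.168.7.5", "8.8.8.8")]:
        action, line = evaluate(acl, src, dst)
        print(f"{src:>12} -> {dst:<10} {action:6} ({line})")
```

The wildcard 0.0.0.7 spans 10.10.10.0 through 10.10.10.7, so the ACL treats .7 exactly like .1 to .6, while sources in 10.10.10.8/29 and 192.168.7.0/24 bound for the Internet fall through to the implicit deny.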
09-29-2010 07:50 AM
Answer to Question #2
From: http://support.microsoft.com/?scid=kb%3Ben-us%3B137421&x=14&y=16
RFC-1122 Section 3.2.2.6 Echo Request/Reply
"An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded."