Cisco Support Community

Cisco 1811 - configuration

Hi,

I have configured my Cisco 1811 router (lab environment) as follows:

VPN settings for remote clients

crypto isakmp client configuration group 3000client
 key XXXXXX
 dns 8.8.8.8
 domain cisco.local
 pool ippool
 acl 108

VLAN settings

interface FastEthernet7
 switchport access vlan 108
!
interface FastEthernet8
 switchport access vlan 100
!
interface FastEthernet9
 switchport access vlan 66
!
interface Vlan66
 ip address 192.168.7.252 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan100
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
interface Vlan108
 ip address 10.10.10.9 255.255.255.248
!

Split-tunnel ACL for VPN clients

access-list 108 permit ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255

NAT ACL for VPN and local VLANs

ip nat inside source route-map NONAT interface Dialer0 overload
access-list 112 deny   ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255
access-list 112 deny   ip 192.168.7.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 112 permit ip 10.10.10.0 0.0.0.7 any
route-map NONAT permit 10
 match ip address 112

I understand 10.10.10.7 is the broadcast address of Vlan100.

When I connect a VPN client and ping the remote VLAN 10.10.10.1 and then ping 10.10.10.7, the output is as follows:

Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=50ms TTL=255


Pinging 10.10.10.7 with 32 bytes of data:
Reply from 85.176.X.X: bytes=32 time=55ms TTL=255

Question #1: I understand ACL 112 does NAT for 10.10.10.1-6 but not 10.10.10.7. What should ACL 112 look like?

Question #2: Is it normal to get a reply when you ping a broadcast address at all?

Any help is appreciated!

Kind Regards,

Sebastian
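
How the wildcard masks in ACL 112 are evaluated, as an added example (not part of the original post or the reply): a small Python first-match evaluator run over the ACL entries exactly as posted. The VPN client address 14.1.1.10 is a constructed value inside 14.1.1.0/24, and the function names are hypothetical.

```python
import ipaddress

# ACL 112 exactly as posted: (action, source, source wildcard, destination, destination wildcard).
ACL_112 = [
    ("deny",   "10.10.10.0",  "0.0.0.7",   "14.1.1.0", "0.0.0.255"),
    ("deny",   "192.168.7.0", "0.0.0.255", "14.1.1.0", "0.0.0.255"),
    ("permit", "10.10.10.0",  "0.0.0.7",   "any",      None),
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard does not mask out."""
    if base == "any":
        return True
    care = ~_int(wildcard) & 0xFFFFFFFF   # wildcard 1-bits are "don't care"
    return (_int(addr) & care) == (_int(base) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for number, (action, s, sw, d, dw) in enumerate(acl, start=1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, number
    return "deny", None   # implicit deny: route-map NONAT does not match, so no NAT

def matched_range(base, wildcard):
    """First and last address covered by a contiguous wildcard entry."""
    low = _int(base) & ~_int(wildcard) & 0xFFFFFFFF
    return (str(ipaddress.IPv4Address(low)),
            str(ipaddress.IPv4Address(low | _int(wildcard))))

if __name__ == "__main__":
    vpn_client = "14.1.1.10"   # constructed address inside 14.1.1.0/24
    internet = "8.8.8.8"       # the DNS server from the posted client group
    for src in ("10.10.10.1", "10.10.10.6", "10.10.10.7", "10.10.10.9", "192.168.7.252"):
        for dst in (vpn_client, internet):
            print(f"{src:>14} -> {dst:<10} {evaluate(ACL_112, src, dst)}")
    print("10.10.10.0 0.0.0.7 covers", matched_range("10.10.10.0", "0.0.0.7"))
```

In the output, 10.10.10.7 hits the same entries as 10.10.10.1 through 10.10.10.6, while the Vlan108 address 10.10.10.9 and the Vlan66 address 192.168.7.252 match no permit entry.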


Re: Cisco 1811 - configuration

Answer to Question #2

From: http://support.microsoft.com/?scid=kb%3Ben-us%3B137421&x=14&y=16

RFC-1122 Section 3.2.2.6 Echo Request/Reply

"An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded."
