
DVTI help

Topology:

ClientPC----{internet}----2851router-----LAN

I've configured EzVPN using SDM, but remote users can't access anything inside the LAN and vice versa. When the tunnel is up, I can ping all the router interfaces from a remote PC, but not beyond the router. I can even run SDM via VPN, but nothing gets through to or from the LAN.

Users from the LAN can browse the Internet just fine.

Any help appreciated.

Attached is the config:

Some show commands:

1. show ip route:

Gateway of last resort is yy.yy.yy.yy to network 0.0.0.0

x.0.0.0/30 is subnetted, 1 subnets

C x.3.2.12 is directly connected, Serial0/1/1

192.168.50.0/32 is subnetted, 2 subnets

S 192.168.50.6 [1/0] via 0.0.0.0, Virtual-Access2

S 192.168.50.7 [1/0] via 0.0.0.0, Virtual-Access3

S* 0.0.0.0/0 [1/0] via 124.83.2.13

C 192.168.8.0/21 is directly connected, Vlan1

2. sh crypto sess detail

Crypto session current status

Code: C - IKE Configuration mode, D - Dead Peer Detection

K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication

Interface: Virtual-Access2

Session status: UP-ACTIVE

Peer: [public IP of remote PC] port 3947 fvrf: (none) ivrf: (none)

Phase1_id: VPN

Desc: (none)

IKE SA: local [router public IP]/4500 remote [public IP of remote PC]/3947 Active

Capabilities:CXN connid:1005 lifetime:23:21:54

IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.6

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 896 drop 0 life (KB/Sec) 4515170/1319

Outbound: #pkts enc'ed 348 drop 0 life (KB/Sec) 4515199/1319

Interface: Virtual-Access3

Session status: UP-ACTIVE

Peer: [public IP of remote PC] port 14741 fvrf: (none) ivrf: (none)

Phase1_id: VPN

Desc: (none)

IKE SA: local [router public IP]/4500 remote [public IP of remote PC]/14741 Active

Capabilities:CXN connid:1006 lifetime:23:50:30

IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.7

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 187 drop 0 life (KB/Sec) 4518566/3041

Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4518590/3041

Thanks!
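An added example, not part of the original post: a small parser for the `sh crypto sess detail` output above that lists sessions which are UP-ACTIVE and decrypting packets but have encrypted none, meaning nothing is being sent back through that tunnel. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the counters from the post above, with the peer and
# IKE lines dropped. Blank lines between output lines are tolerated.
SAMPLE = """\
Interface: Virtual-Access2
Session status: UP-ACTIVE
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.6
Inbound: #pkts dec'ed 896 drop 0 life (KB/Sec) 4515170/1319
Outbound: #pkts enc'ed 348 drop 0 life (KB/Sec) 4515199/1319
Interface: Virtual-Access3
Session status: UP-ACTIVE
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.7
Inbound: #pkts dec'ed 187 drop 0 life (KB/Sec) 4518566/3041
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4518590/3041
"""

# One pattern per field we keep from each session stanza.
FIELDS = {
    "status": re.compile(r"Session status:\s*(\S+)"),
    "flow": re.compile(r"IPSEC FLOW:\s*(.+)"),
    "dec": re.compile(r"Inbound:.*dec'ed\s+(\d+)"),
    "enc": re.compile(r"Outbound:.*enc'ed\s+(\d+)"),
}
COUNTERS = ("dec", "enc")


def parse_sessions(text):
    """Return one dict per 'Interface:' stanza of the session output."""
    sessions = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Interface:"):
            sessions.append({"interface": line.split(":", 1)[1].strip()})
        elif sessions:  # ignore the legend lines before the first stanza
            for key, rx in FIELDS.items():
                m = rx.search(line)
                if m:
                    value = m.group(1).strip()
                    sessions[-1][key] = int(value) if key in COUNTERS else value
    return sessions


def one_way(sessions):
    """Interfaces that are up and decrypting but have never encrypted a packet."""
    return [s["interface"] for s in sessions
            if s.get("status") == "UP-ACTIVE"
            and s.get("dec", 0) > 0 and s.get("enc", 0) == 0]


if __name__ == "__main__":
    print("one-way sessions:", one_way(parse_sessions(SAMPLE)))
```

A nonzero encrypt counter does not by itself show LAN traffic returning, since the router's own replies to the client are encrypted through the same session.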

1 REPLY

Re: DVTI help

Virtual Tunnel Interface (VTI) while the remote spokes can be configured using VTI or crypto maps (supporting single proxy).

Check if you have configured an IP address on the inside interface of the VPN client. I think your problem is related to Cisco bug CSCek19217.
