ios vpn, no traffic to client, nat or acl problem?
Hi all, still no luck passing traffic from the router to the client. No matter what approach I've tried I still can't get traffic to come back through the VPN tunnel to the client. I can see my pings on the router while debugging but they refuse to return to the client. I can also send other traffic like WOL UDP packets, but nothing from the router to the client. It's a Cisco SOHO 91 running NAT with a DHCP address on the outside interface from a DSL connection. I've tried everything I could think of with the access list, a route map, a NAT pool, removing all of the unneeded access lists, all with no luck. There are absolutely no problems connecting and the routes look good on both sides (I think). I still need to run overloaded NAT for my inside web server and other services, so I need a solution that works with my current config... Could someone please look at my attached config and hopefully suggest something that can get the normal 2-way traffic going? I'm all out of ideas on this one... Thanks in advance, Jay.
Here's my version info, and I attached my running config:
Cisco Internetwork Operating System Software
IOS (tm) SOHO91 Software (SOHO91-K9OY6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(1.6)T
ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
ROM: SOHO91 Software (SOHO91-K9OY6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Re: ios vpn, no traffic to client, nat or acl problem?
Thanks for taking the time to assist me... I performed the debugging you wanted to see and ended up capturing about 2 megs of NAT output while the pinging was taking place. The strange thing is that the VPN client IP (10.10.1.5) did not show up one single time in the debugging output. I even tried debugging all three items separately and never saw the IP of the client show up once. I did see TONS of NAT translations between the public IP of the client and the public IP of the router, but I'm not sure if you want to see any of that; I posted a sample below so you could see there was some NATting taking place. The other important point to mention is that I'm located away from the home router now and I'm doing all this through a PuTTY SSH connection, so there is A LOT of the SSH port traffic in the output. I'm using port 8080 for my SSH vty because I use port 22 on an inside server for another purpose. Anyway, I also captured the route information for both the VPN client and the router while the tunnel is up, here they are:
MyCisco91#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 18.104.22.168 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.10.1.5/32 [1/0] via 22.214.171.124
C 10.10.10.0/24 is directly connected, Ethernet0
126.96.36.199/23 is subnetted, 1 subnets
C 188.8.131.52 is directly connected, Ethernet1
S* 0.0.0.0/0 [254/0] via 184.108.40.206
C:\Documents and Settings\Administrator>route print
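The symptom described in both posts (the router and the LAN can reach the client, nothing comes back, and the client address 10.10.1.5 never appears in the NAT debug) is the classic sign of the overload NAT rule translating replies bound for the VPN client before the crypto map can match them to the IPsec SA. The added example below is not the poster's attached config; it shows the usual IOS remedy, a NAT exemption for the client pool via a route-map. The interface roles (Ethernet0 inside, Ethernet1 outside) and 10.10.10.0/24 follow the route table above; the 10.10.1.0/24 client pool, the 10.10.10.1 address and the crypto map name VPNMAP are assumptions.

```cisco
! Added example, not the poster's running config.
! Assumed: Ethernet0 = inside, Ethernet1 = outside (DHCP from the DSL),
! 10.10.1.0/24 = VPN client pool, VPNMAP = existing crypto map name.
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 crypto map VPNMAP
!
! NAT ACL: the deny line MUST precede the permit. Packets from the LAN
! to any VPN client are then left untranslated, so they still match the
! IPsec SA and are encrypted back into the tunnel. Without the deny, the
! overload rule rewrites the source to the public address, the packet
! no longer matches the crypto ACL, and the reply never reaches 10.10.1.5.
ip access-list extended NAT_ACL
 deny   ip 10.10.10.0 0.0.0.255 10.10.1.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
!
route-map NONAT permit 10
 match ip address NAT_ACL
!
! Overload NAT stays in place for normal internet-bound LAN traffic and
! for the inside web server; only traffic to the client pool is exempt.
ip nat inside source route-map NONAT interface Ethernet1 overload
```

To confirm the exemption is working, ping the client from an inside host and check that the encaps counter for the 10.10.1.5 SA in `show crypto ipsec sa` increments while `show ip nat translations` shows no entry for that host.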