Cisco Support Community

IOS VPN tunnel with Cisco Secure Client - Tunnel Good, No Ping!

Good afternoon.

We are trying to set up a 3DES tunnel via a Cisco 1750 with the 3DES feature set and a Windows 98 client with the Cisco Secure Client (not-unified). We were able to get the tunnel up and running; however, we are unable to get any pings going from the client to the private network. I used this configuration example from Cisco CCO as my template:

http://www.cisco.com/warp/customer/707/25.shtml

The things which changed from the example were the public IPs and the private IPs. The site with the 1750 has a publicly numbered serial interface, with an RFC1918 address on the Fast Ethernet interface (192.168.1.1). I set up the local pool to give the client an IP in the range of 192.168.2.1 to 192.168.2.254. The client gets the IP when it connects, and the routing table has an entry for the 192.168.2.0 network when I do a show ip route.

The problem I am having now is the actual routing of my PINGS from the client, through the tunnel and to a host on the RFC1918 address space (private network).

I used the ACLs on the aforementioned webpage for my template also. It could very well be an access list issue, but I do not understand why unless the sample configuration is missing something. Regular traffic destined for the Internet is NAT'd, while traffic from the 192.168.1.0 network to the clients located in a 192.168.2.0 network address is not.

Does anyone have any ideas on this? If you need further information, please let me know and I'll round it up.

Thanks in advance for your help.

Patrick Rice

1 REPLY

Re: IOS VPN tunnel with Cisco Secure Client - Tunnel Good, No Pi

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.
