Cisco Support Community

vpn client --> 2611 can't ping network

To all,

I have a 2611 set up to be a VPN concentrator as well as other things. As it is now, I can VPN in fine, authenticate fine and get on the network. However, once on the network, I can only ping one IP address (unless clear ip nat trans * or wait for the translation timeout), and I can only ping the IP, nothing else (telnet etc.). I have the ACLs applied to the crypto interface allowing traffic to the subnets, and I also included the route-map nonat config, but the route-map seems to have no effect on this problem. Any ideas on what I should look at?


VPN Pool:


ip nat inside source route-map nonat pool overload

(isakmp client config ACL)

access-list 101 permit ip

access-list 101 permit ip

(route-map ACL)

access-list 102 deny ip

access-list 102 permit ip any


route-map nonat permit 10

match ip address 102


Also, when I VPN in, it seems I still have the public IP from the network I am VPNing from. I thought I would have the public IP of the remote side once I VPNed in. Is this correct?




Re: vpn client --> 2611 can't ping network

From your description, it would seem like you have a problem with the NAT config. It would seem like reply packets for the client are being natted, and hence not encrypted.

Have another look at this sample, and see if you can work out your issue.

As it is, I don't understand why you have access-list 101 when you only use the vpn client.
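
A simplified model of the NAT-exemption check the reply points to, added here as an illustration and not written by either poster: it evaluates a route-map ACL first-match, as IOS does, and reports whether a reply from an inside host to a VPN client would be translated before the crypto check. The thread's addresses are elided, so the LAN and pool networks and the three sample ACLs are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumed; the thread's real addresses are elided).
LAN = ipaddress.ip_network("192.168.1.0/24")    # inside network behind the router
POOL = ipaddress.ip_network("192.168.50.0/24")  # addresses handed to VPN clients
ANY = ipaddress.ip_network("0.0.0.0/0")

def first_match(acl, src, dst):
    """Return the action of the first entry matching src -> dst.
    Extended ACLs are first-match with an implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def reply_fate(nonat_acl, src, dst):
    """Model a packet leaving the inside network through the outside interface.
    A 'permit' in the route-map ACL means NAT translates the source; because
    inside-to-outside NAT runs before the crypto check, the translated packet
    no longer matches the client's IPsec selectors and leaves unencrypted."""
    if first_match(nonat_acl, src, dst) == "permit":
        return "translated, sent in clear"
    return "not translated, eligible for encryption"

# Three constructed variants of the route-map ACL (102 in the thread).
MISSING_EXEMPT = [("permit", LAN, ANY)]
MISORDERED = [("permit", LAN, ANY), ("deny", LAN, POOL)]  # deny is never reached
WITH_EXEMPT = [("deny", LAN, POOL), ("permit", LAN, ANY)]

if __name__ == "__main__":
    host, client = "192.168.1.10", "192.168.50.5"
    for name, acl in [("missing exempt", MISSING_EXEMPT),
                      ("misordered", MISORDERED),
                      ("with exempt", WITH_EXEMPT)]:
        print(f"{name:15} reply {host} -> {client}: {reply_fate(acl, host, client)}")
```

On a live router, `show ip nat translations` listing an entry for an inside host whose destination is a pool address is the corresponding sign that the exemption did not match.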