New Member

vpn client --> 2611 can't ping network

To all,

I have a 2611 set up to be a VPN concentrator as well as other things. As it is now, I can VPN in fine, authenticate fine and get on the network. However, once on the network, I can only ping one IP address (unless clear ip nat trans * or wait for trans timeout), and I can only ping the IP, nothing else (telnet etc.). I have the ACLs applied to the crypto interface allowing traffic to the subnets, and I also included the route-map nonat config, but the route-map seems to have no effect on this problem. Any ideas on what I should look at?

-------------------------------------------------------------------

VPN Pool: 192.168.100.0/24

E0/0: 192.168.1.0/24

ip nat inside source route-map nonat pool overload

(isakmp client config ACL)

access-list 101 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255

(route-map ACL)

access-list 102 deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

!

route-map nonat permit 10

match ip address 102

-------------------------------------------------------------------

Also, when I VPN it seems I still have the public IP from the network I am VPNing from. I thought I would have the public IP of the remote side once I VPNed in. Is this correct?

thanks

jking

1 REPLY
Silver

Re: vpn client --> 2611 can't ping network

From your description, it would seem like you have a problem with the NAT config. It would seem like reply packets for the client are being NATted, and hence not encrypted.

Have another look at this sample, and see if you can work out your issue.

http://www.cisco.com/warp/customer/707/ios_D.html

http://www.cisco.com/warp/public/707/static.html

As it is, I don't understand why you have access-list 101 when you only use the vpn client.
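An added example, not part of either post: a small first-match evaluator for the two access-list 102 entries quoted in the question, showing how a reply from the 192.168.1.0/24 LAN to a VPN pool address is classified by the nonat route-map. The `CORRECTED_102` list (deny written as inside source to VPN pool) and the sample flows are assumptions constructed for illustration; only `POSTED_102` comes from the thread.

```python
import ipaddress

def _spec(tokens):
    """Consume 'any' or 'ADDR WILDCARD' and return ((addr, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wild), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' (only the forms used in this thread)."""
    tok = line.split()
    src, rest = _spec(tok[4:])
    dst, _ = _spec(rest)
    return tok[2], src, dst

def _match(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def acl_action(acl, src, dst):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for line in acl:
        action, s, d = parse_ace(line)
        if _match(s, src) and _match(d, dst):
            return action
    return "deny"

def is_translated(acl, src, dst):
    """route-map nonat permit 10 / match ip address 102: an ACL permit means NAT applies."""
    return acl_action(acl, src, dst) == "permit"

POSTED_102 = [  # as quoted in the question
    "access-list 102 deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "access-list 102 permit ip 192.168.1.0 0.0.0.255 any",
]
CORRECTED_102 = [  # assumption: deny rewritten in the inside-source direction
    "access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255",
    "access-list 102 permit ip 192.168.1.0 0.0.0.255 any",
]
REPLY_TO_CLIENT = ("192.168.1.10", "192.168.100.5")  # constructed: LAN host -> VPN client
INTERNET_BOUND = ("192.168.1.10", "203.0.113.9")     # constructed: LAN host -> Internet

if __name__ == "__main__":
    for name, acl in (("posted", POSTED_102), ("corrected", CORRECTED_102)):
        print(name, "reply NATted:", is_translated(acl, *REPLY_TO_CLIENT),
              "| internet NATted:", is_translated(acl, *INTERNET_BOUND))
```

With the posted entries the reply to the client falls through the deny (whose source is the VPN pool) and hits the permit, so it is translated, which is consistent with the diagnosis in the reply above.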
