
New Member

VPN connections: impossible to ping network's machines

Hello,

I have configured a Cisco 857 device. I can connect to the internet. I can also establish VPN connections remotely.

However, once I have established a VPN connection, I cannot ping any system on the company LAN.

I have seen several posts on these forums, but I couldn't configure my router properly.

I attach my config. Is it possible to know what corrections I should make?

My LAN IPs are 10.0.0.x with a subnet mask 255.0.0.0.

For my remote clients, I have now configured it to use 255.0.1.x.

Thanks and regards,

MaC

6 REPLIES
New Member

Re: VPN connections: impossible to ping network's machines

Here is the attachment...

Silver

Re: VPN connections: impossible to ping network's machines

I can see in your configuration that you use split-tunneling, which is fine.

However, I think you need to add the following lines in the configuration so that your router will NOT NAT traffic when going from 10.0.0.0/8 to 255.0.1.x/24:

no access-list 120

access-list 120 remark SDM_ACL Category=18

access-list 120 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

access-list 120 deny ip 10.0.0.0 0.255.255.255 255.0.1.0 0.0.0.255

access-list 120 permit ip 10.0.0.0 0.0.0.255 any

That way, the traffic from 10.0.0.0/8 will not be NATted when going to 255.0.1.0/24 for the VPN.

CCIE Security

New Member

Re: VPN connections: impossible to ping network's machines

Hello,

To what does 255.0.1.x/24 refer? Is this a special range?

Wouldn't you rather mean 10.0.1.x/8 as 10.0.1.x will be the IP of the clients?

Regards,

New Member

Re: VPN connections: impossible to ping network's machines

Correction to my first post: "For my remote clients, I have now configured it to use 10.0.1.x."

Regards,

New Member

Re: VPN connections: impossible to ping network's machines

Here is the current state of my access lists; still nothing working:

access-list 100 remark SDM_ACL Category=4

access-list 100 permit ip 10.0.1.0 0.0.0.255 any

access-list 120 remark SDM_ACL Category=18

access-list 120 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 120 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255

access-list 120 permit ip 10.0.0.0 0.0.0.255 any

Regards,

New Member

Re: VPN connections: impossible to ping network's machines

Hello,

The problem is now solved.

It was related to the fact that both my company network and my VPN client pool were using IPs in the same subnet.

Regards,
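
Added example (not part of the thread, and not the poster's or Cisco's code): a Python check that evaluates ACL 120 as posted above with IOS first-match wildcard semantics and tests whether the VPN pool falls inside the LAN subnet, the cause named in the final reply. It assumes ACL 120 is the list the NAT rule references and that the pool is 10.0.1.0/24; the host addresses are constructed samples.

```python
import ipaddress

# ACL 120 exactly as posted in the thread. Assumption: it is the list the NAT
# rule references, so "deny" means "do not translate".
ACL_120 = """\
access-list 120 remark SDM_ACL Category=18
access-list 120 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC WILD DST WILD' ('any' allowed)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[2] not in ("permit", "deny"):
            continue  # remarks and blank lines carry no match criteria
        spec, rest = [], tok[4:]
        while rest:
            if rest[0] == "any":
                spec.append(("0.0.0.0", "255.255.255.255"))
                rest = rest[1:]
            else:
                spec.append((rest[0], rest[1]))
                rest = rest[2:]
        entries.append((tok[2], spec[0], spec[1]))
    return entries

def nat_decision(entries, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, (sb, sw), (db, dw) in entries:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return "translate" if action == "permit" else "exempt"
    return "exempt (implicit deny)"

def pool_overlaps_lan(lan, pool):
    """True when hosts using the LAN mask treat pool addresses as on-link."""
    return ipaddress.ip_network(lan).overlaps(ipaddress.ip_network(pool))
```

The source wildcard 0.0.0.255 covers only 10.0.0.0 through 10.0.0.255, so a LAN host such as 10.0.5.20 (inside the 255.0.0.0 mask) matches no entry at all, and the overlap check stays true for 10.0.1.0/24 however the ACL is written.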
