Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN connects but then can't ping inside addreses 192.168.1.*

I an a novice at VPN. I have created a working VPN service on our Cisco 1711, and can sucessfully connect from a Cisco VPN client. Using the resulting tunnel, I can access the router using its static IP, and also access a directly connected DSL gateway using its static IP (i/f FastEthernet0). However, I have no connectivity to the hosts on the private network (lan1) e.g. no response from ping. Any ideas what might be blocking me?

The only thing I wonder about is that the hosts on the private network uses addresses 192.168.1.*, which are not routable; I don't know if that makes a difference in this case.

7 REPLIES

Re: VPN connects but then can't ping inside addreses 192.168.1.*

Hello Dale

Is the inside subnet, directly connecting to your 1711 routers ethernet ?? can you give us your LAN subnet and the IP Pool that is being used for Remote access VPN connection ??

Raj

New Member

Re: VPN connects but then can't ping inside addreses 192.168.1.*

Hello Raj, here is the info you requested.

Yes, the inside subnet is directly connected to the router. The inside subnet hosts are assigned addresses 192.168.1.*, and on that interface the router's address is 192.168.1.1.

The IP Pool is 192.168.1.161 to 192.168.1.170. The associated subnet mask is 255.255.255.0.

Thanks,

Dale

New Member

Re: VPN connects but then can't ping inside addreses 192.168.1.*

I have the same problem. Have you solved?

Thanks

New Member

Re: VPN connects but then can't ping inside addreses 192.168.1.*

Hi ,

this might be due to ACLs or Firewall rules.

Can you check that ESP is authorized ?

hope this helps ..

New Member

Re: VPN connects but then can't ping inside addreses 192.168.1.*

How Can i check this configuration. Can you explain what I have to do?

Thanks

New Member

Re: VPN connects but then can't ping inside addreses 192.168.1.*

I have checked the ACLs and NAT configuration, and find no problems there (for what it's worth since I'm a novice).

It appears to me that the problem is in the routing table regarding the VPN pool-assigned addresses. We chose the pool addresses to be a subset of those on Vlan1, and the routing table includes this:

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

I don't know for sure if this is a problem, but it may be, and in any case, it makes things more difficult to understand and to manage. It's possible that the routing table is selecting to send the packets addressed to the tunnel IPs back to Vlan1 rather than outward through the tunnel.

So I plan to redo the VPN address pool to be on a new subnet -- different from the subnets of our existing ones on Vlan1 and Vlan2, thus making the VPN pool-assigned addresses simply and clearly managable without entanglement with those of Vlan1 and Vlan2. I am hopeful that this will make things work.

Comments?

New Member

Re: VPN connects but then can't ping inside addreses 192.168.1.*

My VNP setup is now fully operational! The solution proposed in the previous post was indeed the answer.

235
Views
0
Helpful
7
Replies
CreatePlease login to create content