Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Problems

I need a quick fix to this... I've tried everything known to me and then some!! I'm not use to setting up VPNs on a router, only through a pix... I've added access-lists to cover all my bases but still am unable to get this going. I can connect to the VPN fine and get an IP, however, I cannot access the internal network on f0/0. With this config, if I try to ping something on the internal network, I get responses from the outside interface... Quick help is appreciated!

3 REPLIES
Hall of Fame Super Silver

Re: VPN Problems

Terry

I suspect that your problem is the address translation on the serial interface (where the crypto map is). I believe that you need to add in access list 110 a line before the existing lines which would deny ip with source 10.0.10.x and destination 10.0.11.x.

HTH

Rick

New Member

Re: VPN Problems

Thanks for the reply, but I ended up going with VPDN just to get it finished. This was easier on the customer anyway since they didn't have to worry about the cisco vpn client.

New Member

Re: VPN Problems

your 102 ACL was messed up aswell

yours:

access-list 102 deny ip 10.0.11.0 0.0.0.255 10.0.10.0 0.0.0.255

access-list 102 deny ip 10.0.10.0 0.0.0.255 10.0.11.0 0.0.0.255

access-list 102 permit ip 10.0.10.0 0.0.0.255 any

access-list 102 permit ip 10.0.11.0 0.0.0.255 any

access-list 102 permit ip any 10.0.10.0 0.0.0.255

access-list 102 permit ip any 10.0.11.0 0.0.0.255

All you need:

!--- this deny's your client ip network from being nat'd out to wan. forces it over the tunnel

access-list 101 deny ip any 10.0.11.0 0.0.0.255

!--- permit the local traffic to be nat'd to wan.

access-list 101 permit ip 10.0.10.0 0.0.0.255 any

118
Views
0
Helpful
3
Replies
CreatePlease to create content