05-28-2007 09:55 AM
I need a quick fix to this... I've tried everything known to me and then some!! I'm not used to setting up VPNs on a router, only through a PIX... I've added access-lists to cover all my bases but still am unable to get this going. I can connect to the VPN fine and get an IP, however, I cannot access the internal network on f0/0. With this config, if I try to ping something on the internal network, I get responses from the outside interface... Quick help is appreciated!
05-29-2007 07:21 AM
Terry
I suspect that your problem is the address translation on the serial interface (where the crypto map is). I believe that you need to add in access list 110 a line before the existing lines which would deny ip with source 10.0.10.x and destination 10.0.11.x.
HTH
Rick
05-31-2007 06:36 AM
Thanks for the reply, but I ended up going with VPDN just to get it finished. This was easier on the customer anyway since they didn't have to worry about the Cisco VPN client.
07-02-2007 06:55 PM
Your 102 ACL was messed up as well.
Yours:
access-list 102 deny ip 10.0.11.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 102 deny ip 10.0.10.0 0.0.0.255 10.0.11.0 0.0.0.255
access-list 102 permit ip 10.0.10.0 0.0.0.255 any
access-list 102 permit ip 10.0.11.0 0.0.0.255 any
access-list 102 permit ip any 10.0.10.0 0.0.0.255
access-list 102 permit ip any 10.0.11.0 0.0.0.255
All you need:
!--- this denies your client IP network from being NATed out to the WAN, forcing it over the tunnel
access-list 101 deny ip any 10.0.11.0 0.0.0.255
!--- permit the local traffic to be NATed to the WAN
access-list 101 permit ip 10.0.10.0 0.0.0.255 any
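To see why entry order in a NAT ACL matters, here is an added Python first-match evaluator (not from the thread or from Cisco) run over the two ACLs quoted above; it implements IOS wildcard-mask matching and the implicit deny at the end, and the outside address 203.0.113.9 used in the checks is constructed.

```python
import ipaddress

# Constructed sample input: the two NAT ACLs quoted in this thread (Cisco wildcard masks).
ACL_102_ORIGINAL = """
access-list 102 deny ip 10.0.11.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 102 deny ip 10.0.10.0 0.0.0.255 10.0.11.0 0.0.0.255
access-list 102 permit ip 10.0.10.0 0.0.0.255 any
access-list 102 permit ip 10.0.11.0 0.0.0.255 any
access-list 102 permit ip any 10.0.10.0 0.0.0.255
access-list 102 permit ip any 10.0.11.0 0.0.0.255
"""
ACL_101_SUGGESTED = """
access-list 101 deny ip any 10.0.11.0 0.0.0.255
access-list 101 permit ip 10.0.10.0 0.0.0.255 any
"""

def _parse_addr(tokens):
    """Consume one address spec ('any' or 'addr wildcard'); return (net, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    net = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return net, wild, tokens[2:]

def parse_acl(text):
    """Parse extended ACL lines of the form: access-list <num> <action> ip <src> <dst>."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        action = parts[2]
        src_net, src_wild, rest = _parse_addr(parts[4:])
        dst_net, dst_wild, _ = _parse_addr(rest)
        entries.append((action, src_net, src_wild, dst_net, dst_wild))
    return entries

def _matches(addr, net, wild):
    # Wildcard bits set to 1 are ignored; every other bit must equal the network's bit.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (net & care)

def nat_decision(acl, src, dst):
    """Return True if the flow would be translated: first matching entry wins, implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for action, sn, sw, dn, dw in acl:
        if _matches(s, sn, sw) and _matches(d, dn, dw):
            return action == "permit"
    return False
```

Running the same four flows through both lists shows that the original 102 also translates VPN-client-to-Internet traffic and anything arriving from outside toward 10.0.10.0/24, while the two-line 101 only translates LAN-to-WAN traffic and leaves LAN-to-client traffic untranslated for the tunnel.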