VPN Problems

tduplantis
Level 1

I need a quick fix to this... I've tried everything known to me and then some!! I'm not used to setting up VPNs on a router, only through a PIX... I've added access-lists to cover all my bases but still am unable to get this going. I can connect to the VPN fine and get an IP, however, I cannot access the internal network on f0/0. With this config, if I try to ping something on the internal network, I get responses from the outside interface... Quick help is appreciated!

3 Replies

Richard Burts
Hall of Fame

Terry

I suspect that your problem is the address translation on the serial interface (where the crypto map is). I believe that you need to add in access list 110 a line before the existing lines which would deny ip with source 10.0.10.x and destination 10.0.11.x.

HTH

Rick

Thanks for the reply, but I ended up going with VPDN just to get it finished. This was easier on the customer anyway since they didn't have to worry about the Cisco VPN client.

Your 102 ACL was messed up as well.

yours:

access-list 102 deny ip 10.0.11.0 0.0.0.255 10.0.10.0 0.0.0.255

access-list 102 deny ip 10.0.10.0 0.0.0.255 10.0.11.0 0.0.0.255

access-list 102 permit ip 10.0.10.0 0.0.0.255 any

access-list 102 permit ip 10.0.11.0 0.0.0.255 any

access-list 102 permit ip any 10.0.10.0 0.0.0.255

access-list 102 permit ip any 10.0.11.0 0.0.0.255

All you need:

!--- this denies your client IP network from being NAT'd out to WAN. Forces it over the tunnel.

access-list 101 deny ip any 10.0.11.0 0.0.0.255

!--- permit the local traffic to be NAT'd to WAN.

access-list 101 permit ip 10.0.10.0 0.0.0.255 any