Topology: ISP---2811---Juniper--inside network
I have configured ezvpn on 2811, and can dial successfully,but can't ping inside interface of 2811
I don't know why , please help me
I think you are missing the NAT Exemption part of your configuration. Try creating an ACL that denies traffic source internal networks destination VPN subnet from being NATted; then change your nat statement from source list (ACL) to source route-map which references the ACL.
I read somewhere that Cisco recommends using source route-map instead of source ACL for additional configuration flexibility...
access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 permit ip any any
route-map NAT_EXEMPT permit 10
match ip address 100
ip nat inside source route-map NAT_EXEMPT interface FastEthernet0/1 overload
Hope this resolves the problem...