Cisco Support Community
Community Member

Cisco 2911 Site-to-Site and Easy VPN having weird troubles, please help.


I hava a Cisco 2911 ISR and want to setup it to allow site to site VPNs from 6 remote sites, their public ip addresses are dynamic and they have SonicWall routers, I also want to allow VPN connections from remote users with the Cisco VPN client (using Easy VPN Server). I made most of my config using the Cisco Configuration Professional and I'm having a very strange problem. Let's say my local (Headquarters) network is and my remote networks are,, ... ,, and my Easy VPN clients get a 192.168.10/0 address. The problem is: if I make a connection from any local PC, let's say to any remote PC, or even the SonicWall remote LAN IP Address (let's say I can successfully connect, but if I want to connect from the remote site (let's say in the case of site to site or in the case of Easy VPN Client) to a local PC (let's say I can't connect. What I'm missing or doing wrong? I'm attaching my current Running Config. Thanks in advance.


Cisco Employee

Re: Cisco 2911 Site-to-Site and Easy VPN having weird troubles,


First off, i see you have an ACL defined in your dynamic crypto map. I have seen issues with passing traffic through VPN when this is done. Please try removing that and see how it goes!!

crypto dynamic-map SDM_DYNMAP_1 1
no match address VPN_Sites

For the remote access VPN clients, please share the output of "show cry isa sa" and "show cry ips sa".



Community Member

Re: Cisco 2911 Site-to-Site and Easy VPN having weird troubles,


Thank you for your response.

This is actually working, I had to check it myself. I logged in to a remote computer using LogMeIn and everything was working. Some guys were connecting in the remote sites directly to the DSL modem, so they were not connecting through the sonicwall router, that was the problem, unfortunately there is no IT personnel in the remote sites, and nothing can't stop them to do what they want, lol.

The only thing that seems to be not working is the Easy VPN connection. I can connect to the HQ, and the router shows the connection UP and ACTIVE both in ISAKMP and IPSEC, but I can't ping the router from the remote client computer.

Cisco Configuration Professional has a monitor feature. When I ping the router from the Easy VPN Client, the tunnel shows decapsulating traffic activity but it doesn't sends the response, it doesn't shows encapsulating activity, and when I try to ping from the router to the client, it doesn't shows activity at all.

If someone sees something wrong in my config, please let me know.

P.D. The current running-config is the same as above.

CreatePlease to create content