cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
641
Views
0
Helpful
9
Replies

Cisco Easy VPN issue

dilshannet
Level 1
Level 1

Hi,

After configuring Cisco Easy VPN Server I was able to form connection between client and VPN Server. But still I am not able to ping the LAN IPs. I am using NAT and I have removed VPN client network from NATing.

vpnclient 2.JPGvpnclient.JPG

IP address I am trying to ping is 10.0.0.2.

Below is the configuration.

crypto ctcp

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group imovation

key ********

pool SDM_POOL_1

acl 100

crypto isakmp profile ciscocp-ike-profile-1

   match identity group imovation

   client authentication list ciscocp_vpn_xauth_ml_1

   isakmp authorization list ciscocp_vpn_group_ml_1

   client configuration address respond

   virtual-template 1

!

ip local pool SDM_POOL_1 172.16.11.2 172.16.11.10

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto ipsec profile CiscoCP_Profile1

set transform-set ESP-3DES-SHA

set isakmp-profile ciscocp-ike-profile-1

!

!

!

!

!

!

interface Loopback0

ip address 172.16.1.1 255.255.255.0

!

interface GigabitEthernet0/1

description ### LAN ###

ip address 10.0.0.1 255.255.255.0

no ip unreachables

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

interface Virtual-Template1 type tunnel

ip unnumbered Loopback0

tunnel mode ipsec ipv4

tunnel protection ipsec profile CiscoCP_Profile1

!

ip nat inside source list 101 interface Dialer1 overload

access-list 100 remark CCP_ACL Category=4

access-list 100 permit ip 10.0.0.0 0.0.0.255 any

access-list 101 deny   ip 10.0.0.0 0.0.0.255 172.16.11.0 0.0.0.255

access-list 101 permit ip 10.0.0.0 0.0.0.255 any

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

Pls help.

Thanks in advance.

9 Replies 9

jawad-mukhtar
Level 4
Level 4

Kindly TurnOff windows Firewall.

Also check

172.16.11.x when assigned check its netmaks by using ipconfig/all.

*** Do Rate All Helpful Posts***

Jawad

Hi Jawad,

Firewall is already off. I checked the netmask it was /16 and I have done the necessary changes. Now it is /24 but it still not working.

What Default Gateway of

10.0.0.2..

Jawad

it is 10.0.0.1 (Router Interface). I have created a loopback ip in the router and i cant ping that ip too.

Have you defined default route in your router config.

Jawad

Yes. It is "ip route 0.0.0.0 0.0.0.0 Dialer1"

Hi,

Can you ping the internal IP address of the Router (10.0.0.1)?

Thanks.

Portu.

crypto isakmp client configuration group imovation

key ********

pool SDM_POOL_1

no acl 100

Check by Removing ACL

and also in your PC add manual Routes  172.16.11.0.

also post

route print of your PC

Jawad

no. I cannot ping 10.0.0.1 ip either.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: