Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Cisco VPN Client connected to 1841 router but not pinging to remote LAN

Hi All,

Can anyone help me please...

I am trying to set up Remote access vpn in 1841 router. The vPN client is connecting to router, but cannot ping to remote LAN

Here is the config.

Current configuration : 3625 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

enable password mp**********14

!

aaa new-model

!

!

aaa authentication login AUTH local

aaa authorization network AUTH local

!

aaa session-id common

!

resource policy

!

no ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.107.200 192.168.107.250

ip dhcp excluded-address 192.168.107.24

!

ip dhcp pool mpo-dhcp

   network 192.168.107.0 255.255.255.0

   default-router 192.168.107.24

!

!

no ip domain lookup

ip name-server 4.2.2.6

ip name-server 4.2.2.5

ip ddns update method dyndns

HTTP

HTTP

    add http://username:password@members.dyndns.org/nic/update?system=dyndns&hpassword@members.dyndns.org/nic/update?system=dyndns&h

ostname=myip.dyndns.net&myip=<a>

interval maximum 0 0 1 0

!

vpdn enable

!

vpdn-group pppoe

!

!

!

!

username a***h privilege 15 password 0 ******************

!

!

!

crypto isakmp policy 10

encr aes

authentication pre-share

group 2

crypto isakmp client configuration address-pool lo

!

crypto isakmp client configuration group EZ

key m***********o7

dns 192.168.107.200 4.2.2.2

pool POOL

acl 101

netmask 255.255.255.0

crypto isakmp profile ISAKMP-P

   match identity group EZ

   client authentication list AUTH

   isakmp authorization list AUTH

   client configuration address respond

   virtual-template 1

!

!

crypto ipsec transform-set TS esp-aes esp-sha-hmac

mode transport

crypto ipsec profile IP-MPO

set transform-set TS

set isakmp-profile ISAKMP-P

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.107.24 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

ip virtual-reassembly

speed auto

full-duplex

pppoe enable

pppoe-client dial-pool-number 1

!

interface Virtual-Template1 type tunnel

no ip address

tunnel source FastEthernet0/1

tunnel mode ipsec ipv4

tunnel path-mtu-discovery

tunnel protection ipsec profile IP-MPO

!

interface Dialer1

ip ddns update hostname mpo.dyndns.ws

ip ddns update dyndns

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname *********

ppp chap password 0 ************

ppp pap sent-username ********** password 0 ********

!

ip local pool POOL 10.0.0.10 10.0.0.15

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!

no ip http server

no ip http secure-server

ip dns server

ip nat inside source route-map VPN-NAT interface Dialer1 overload

!

access-list 101 permit ip 192.168.107.0 0.0.0.255 10.0.0.0 0.0.0.255

access-list 102 deny   ip 192.168.107.0 0.0.0.255 10.0.0.0 0.0.0.255

access-list 102 permit ip 192.168.107.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

!

!

route-map VPN-NAT permit 10

match ip address 102

!

control-plane

!

!

line con 0

exec-timeout 0 0

line aux 0

exec-timeout 0 0

line vty 0 4

password **********

logging synchronous

!

scheduler allocate 20000 1000

end

I am not getting any hit on the deny statement of 102 when i try pinging to client ip address (10.0.0.10). Please check this and help with a solution.

Everyone's tags (5)
2 REPLIES

Cisco VPN Client connected to 1841 router but not pinging to rem

Hi Shereef,

Config looks fine (unless I miss something). Internal sw/LAN device has route to 10.0.0.0/255.255.255.0 (or default route)points to router LAN ip?

Thx

MS

New Member

Cisco VPN Client connected to 1841 router but not pinging to rem

Dear Sheik,

Thank you very much for your help. I was missing ip unnumbered command in

Virtual template interface, so ip services was disabled. Its working after the command.

Thank you again....

1525
Views
0
Helpful
2
Replies
CreatePlease to create content