Cisco Support Community
New Member

cisco vpn client to cisco router 880 - Private ip not responding only public ip

Experts,


I have an interesting issue: I am able to authenticate and connect my Cisco VPN client to my Cisco880K9 router.


My internal network is: 10.10.1.0

My VPN IP Pool is: 10.10.2.2-10.10.2.250

My external public IP address is: 192.198.46.14


When I connect with my VPN client, I get my VPN pool address 10.10.2.2.

If I ping my server 10.10.1.2, I get a response from my public IP address.


Example:

Pinging 10.10.1.2 with 32 bytes of data:

Reply from 192.198.46.14: bytes=32 time=45ms TTL=127

Reply from 192.198.46.14: bytes=32 time=50ms TTL=127

Reply from 192.198.46.14: bytes=32 time=42ms TTL=127

Reply from 192.198.46.14: bytes=32 time=45ms TTL=127


I am attaching my configuration file. It is pretty much a copy from the following link:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml

Thanks for the help

Cisco Employee

cisco vpn client to cisco router 880 - Private ip not responding

Please kindly configure NAT exemption as follows:

access-list 120 deny ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255

access-list 120 permit ip 10.10.1.0 0.0.0.255 any

ip nat inside source list 120 interface FastEthernet4 overload

no ip nat inside source list 1 interface FastEthernet4 overload

Then clear the translation: clear ip nat trans *

New Member

cisco vpn client to cisco router 880 - Private ip not responding

Jennifer, thank you very much for the tip, I will schedule the downtime and try this configuration.

New Member

cisco vpn client to cisco router 880 - Private ip not responding

Jennifer,

Thanks for your help, I can now ping the private IP address with the ACL that you have provided.

My only problem at this moment is that I cannot remote desktop to the server, any ideas?

Remote desktop does work if I do it from the local LAN.

Cisco Employee

cisco vpn client to cisco router 880 - Private ip not responding

The reason why you can't remote desktop is because you have configured the following static PAT statement that unfortunately takes precedence over your NAT exemption:

ip nat inside source static tcp 10.10.1.2 3389 192.198.46.14 3389 extendable

Do you require RDP with the public IP? If you don't and only require RDP via VPN, then please take the static PAT statement out, and RDP via VPN will work.
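An added example (not part of the thread or of Cisco's documentation): a simplified Python model of the two points made in the answers above, first-match ACL evaluation for the NAT exemption and the static PAT entry being applied before the ACL is consulted. The contents of the original ACL 1 are an assumption, and the function names are hypothetical.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """IOS wildcard-mask match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
INSIDE = ("10.10.1.0", "0.0.0.255")
VPN_POOL = ("10.10.2.0", "0.0.0.255")
PUBLIC = "192.198.46.14"

# Assumption: the original ACL 1 simply permitted the inside subnet.
ACL_1 = [("permit", INSIDE, ANY)]
# ACL 120 from the thread: deny inside -> VPN pool first, then permit the rest.
ACL_120 = [("deny", INSIDE, VPN_POOL), ("permit", INSIDE, ANY)]
# Static PAT from the thread, keyed by (protocol, inside IP, inside port).
STATIC_PAT = {("tcp", "10.10.1.2", 3389): (PUBLIC, 3389)}

def acl_permits(acl, src, dst):
    """First matching entry wins; an implicit deny ends every ACL."""
    for action, s, d in acl:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action == "permit"
    return False

def translated_source(proto, src, sport, dst, acl, static=None):
    """Source address of an inside-to-outside packet after NAT (simplified)."""
    if static and (proto, src, sport) in static:
        return static[(proto, src, sport)][0]  # static entry wins, ACL not consulted
    if acl_permits(acl, src, dst):
        return PUBLIC                          # dynamic overload on the outside interface
    return src                                 # exempt: private source is kept

if __name__ == "__main__":
    # Constructed packets: replies from the server to the VPN client 10.10.2.2.
    cases = [
        ("ping reply, ACL 1", ("icmp", "10.10.1.2", None, "10.10.2.2", ACL_1)),
        ("ping reply, ACL 120", ("icmp", "10.10.1.2", None, "10.10.2.2", ACL_120)),
        ("RDP reply, ACL 120 + static PAT",
         ("tcp", "10.10.1.2", 3389, "10.10.2.2", ACL_120, STATIC_PAT)),
        ("RDP reply, ACL 120, static PAT removed",
         ("tcp", "10.10.1.2", 3389, "10.10.2.2", ACL_120)),
    ]
    for label, args in cases:
        print(f"{label}: source = {translated_source(*args)}")
```
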

New Member

cisco vpn client to cisco router 880 - Private ip not responding

Jennifer, I have to say that you know what you are talking about!  Thanks a bunch!
