Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

easyVPN remote problem

Setup

-871 EasyVPN Remote (client mode)connecting to VPN3000

-tunnel comes up fine

-loopback gets an ip from VPN3000 LAN side

-can ping from loopback int to hosts on 3000 LAN side just fine

-cant ping from any other interface

-vlan1 is inside easyVPN, fast4 is outside easyVPN

how do you I get the packets to be translated to the ip on the loopback interface in order to travel through the tunnel? Supposedely, easyvpn is supposed to setup NAT/PAT for you.

6 REPLIES
Silver

Re: easyVPN remote problem

yes, easy vpn supports NAT/PAT. ping from router may not work cause that traffic is not uing the tunnel. you will need to ping from a host connected to the 871. If you nat and easy vpn is configured correctly then it should all work.

http://www.cisco.com/en/US/products/ps6635/products_data_sheet09186a00801541d5.html

New Member

Re: easyVPN remote problem

I tried to ping from a client connected to the 871. it doesnt work. The only ping that will work is from the loopback interface that has the ip given to it from the 3000. This makes sense of course because the IP is on the same subnet as the LAN side of the 3000.

You said that easyvpn supports NAT, but do you have to explicitly configure it when in client mode or does easyvpn configure it for you?

Here is my config for the 871

Silver

Re: easyVPN remote problem

hi,

your config looks fine. You might need to check the policy on the concentrator. Are you tunneling everything or are you doing split tunnelling. You can check the policy the 871 is receiving using "show crypto ipsec client ezvpn"

New Member

Re: easyVPN remote problem

i did the show crypto ipsec client ezvpn and it doesnt show anything about a policy or anything. It shows what interfaces are inside/outside, current peer, current state = active, dns servers, tunnel name...

It saids nothing of a policy or whats be tunneled.

Does split tunneling cause problems?

Silver

Re: easyVPN remote problem

"show crypto ipsec client ezvpn" should show you what settings the 871 is receiving from the concentrator. If you are using split tunneling then the above command should show you what addresses will be tunneled e.g. following line might appear in output of above command

Split Tunnel List: 1

Address : 192.168.200.0

Mask : 255.255.255.0

Protocol : 0x0

Source Port: 0

Dest Port : 0

Check your config on the concentrator.

New Member

Re: easyVPN remote problem

guess Im not using split tunneling because I'm not seeing that when i issue that command.

196
Views
0
Helpful
6
Replies