Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

EZVPN - DVTI Client connected but cannot access internal resources

Hello Dears ,

am trying to configure EasyVPN using DVTI .

and I have problem the clinet will get connected and will get an IP address from the Local pool which is configured on the router .

but the client is not able to access or ping anything ,

Note : Network Diagram attached .

Router Configuration ( EZVPN Server )

R3#sh run

Building configuration...

Current configuration : 1968 bytes

!

version 12.4

aaa new-model

!

aaa authentication login EZ local

aaa authorization network EZ local

!

!

aaa session-id common

memory-size iomem 5

ip cef

!

!

username xyz password 123

!

!

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group EZVPN

key cisco123

pool EZPOOL

acl 101

crypto isakmp profile EZPROF

   match identity group EZVPN

   client authentication list EZ

   isakmp authorization list EZ

   client configuration address respond

   virtual-template 200

!

!

crypto ipsec transform-set TSET esp-3des esp-sha-hmac

!

crypto ipsec profile eziprof

set transform-set TSET

set isakmp-profile EZPROF

!

!

interface FastEthernet0/1

ip address 30.1.1.3 255.255.255.0

duplex auto

speed auto

!

!

interface FastEthernet1/0

ip address 192.168.1.50 255.255.255.0

duplex auto

speed auto

!

interface Virtual-Template200 type tunnel

ip unnumbered FastEthernet1/0

tunnel source FastEthernet1/0

tunnel mode ipsec ipv4

tunnel path-mtu-discovery

tunnel protection ipsec profile eziprof

!

ip local pool EZPOOL 200.100.10.1 200.100.10.10

ip route 0.0.0.0 0.0.0.0 30.1.1.4

!

!

ip http server

no ip http secure-server

!

access-list 101 permit ip host 30.1.1.4 any

access-list 101 permit ip host 1.1.1.1 any

access-list 101 permit ip host 2.2.2.2 any

!

!

!

The client got connected and authenticated and have the IP address 200.100.10.1

and static route is created in the router as below

R3#    sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 30.1.1.4 to network 0.0.0.0

     20.0.0.0/24 is subnetted, 1 subnets

C       20.1.1.0 is directly connected, FastEthernet0/0

C    192.168.1.0/24 is directly connected, FastEthernet1/0

     200.100.10.0/24 is variably subnetted, 2 subnets, 2 masks

S       200.100.10.0/24 is directly connected, FastEthernet1/0

S       200.100.10.1/32 [1/0] via 0.0.0.0, Virtual-Access2

     30.0.0.0/24 is subnetted, 1 subnets

C       30.1.1.0 is directly connected, FastEthernet0/1

S*   0.0.0.0/0 [1/0] via 30.1.1.4

but the client is not able to ping nothing at all

C:\Documents and Settings\Administrator>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 1.1.1.1:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

awaiting for your kind replies and feed back

thanks in advance

455
Views
0
Helpful
0
Replies
CreatePlease to create content