I am having an issue with the EzVPN that I configured on the 2811 we just newly bought. Actually, the thing is that I fully configured it, i.e. EzVPN. It does work; I mean I do have my IKE phase 1 and 2 fully negotiated, and it gets to the secure channels and all that whenever I connect with my Cisco VPN client software. But the issue is that I can't access anything in my LAN. I can only ping through to my LAN interface, but anything beyond my LAN interface I just can't. Please find the config below.
no service pad
boot system flash:c2800nm-advsecurityk9-mz.124-3g.bin
aaa authentication login wisegroup_DB local
aaa authentication login wisegroupvpnclient local
aaa authorization exec wisegroup_DB local
aaa authorization network wisegroup local
aaa session-id common
no ip bootp server
ip domain name wise.com
ip name-server 18.104.22.168
ip name-server 172.16.1.252
crypto isakmp policy 100
crypto isakmp keepalive 20 3
crypto isakmp client configuration group WISE_REM_VPN
ip nat inside source list NAT_ADDRESS interface FastEthernet0/1 overload
ip access-list extended NAT_ADDRESS
deny ip 172.16.1.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 172.16.0 0.0.0.255 any
ip access-list ext SPLITREMOTE
permit ip 172.16.1.0 0.0.0.255 any
Please, I need to know what I am doing wrong that I can't reach my LAN, only the LAN interface of my router, which I could ping from the remote system. I have the feeling that it's a routing issue, but then I can't say. I also intend to configure an S2S VPN too with the same router and interface. Please advise!
Just to let you know that I added the ACL as you said and still wasn't able to reach my LAN. Please, any other suggestions? Like I said, I am able to ping across to my router LAN interface, but pinging beyond the router LAN interface is where the problem lies! I do appreciate your suggestion earlier and do look out for more!
Hi, I think you should first make sure whether the traffic went through the VPN tunnel when you ping beyond the router LAN interface. You can check with "show crypto ipsec sa", or even "debug ip packet acl".
If the packet already reaches the router through the VPN tunnel and did go out, then you should check the gateway of the PC in your LAN. If it is not reaching the router at all, you should sniff on your VPN client, or check its route table, to see why traffic cannot go into the VPN tunnel.
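The check suggested in the reply above can be automated by comparing two "show crypto ipsec sa" snapshots taken before and after the ping. This is an added example, not code from the thread: the sample output, the client address 10.10.11.5 and the function names are constructed, and the verdict strings restate the reply's two branches.

```python
import re

# Constructed samples in the layout of IOS "show crypto ipsec sa" output,
# taken before and after pinging a LAN host from the VPN client.
BEFORE = """\
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.10.11.5/255.255.255.255/0/0)
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
"""
AFTER = BEFORE.replace("decaps: 4, #pkts decrypt: 4, #pkts verify: 4",
                       "decaps: 9, #pkts decrypt: 9, #pkts verify: 9")

REMOTE = re.compile(r"remote ident \(addr/mask/prot/port\): \(([\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_counters(text):
    """Return {remote_ident: {"encaps": n, "decaps": n}} for each SA."""
    sas, current = {}, None
    for line in text.splitlines():
        m = REMOTE.search(line)
        if m:
            current = sas.setdefault(m.group(1), {"encaps": 0, "decaps": 0})
            continue
        if current is not None:
            for name, value in COUNT.findall(line):
                current[name] = int(value)
    return sas

def diagnose(before, after):
    """Compare two snapshots and say where the ping is being lost."""
    verdicts = {}
    old, new = parse_counters(before), parse_counters(after)
    for peer, now in new.items():
        prev = old.get(peer, {"encaps": 0, "decaps": 0})
        rx = now["decaps"] - prev["decaps"]   # client -> router, via tunnel
        tx = now["encaps"] - prev["encaps"]   # router -> client, via tunnel
        if rx <= 0:
            verdicts[peer] = "no tunnel traffic: check client route table"
        elif tx <= 0:
            verdicts[peer] = "arrives but no reply: check LAN host gateway"
        else:
            verdicts[peer] = "traffic flows both ways through the tunnel"
    return verdicts

if __name__ == "__main__":
    for peer, verdict in diagnose(BEFORE, AFTER).items():
        print(peer, "->", verdict)
```

Counters are cumulative, so only the difference between the two snapshots says anything about the ping that was just sent.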