Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP communicator with VPN

Hi,

I have router DSL 877 and uc520 connecting to each other, and I have PC outside installed on it Cisco VPN client and Cisco ip communicator, I want to make IP communicator working with uc520, the problem is I have already configure the VPN on router and it is working, but I can not ping the uc520,

I have attached the Visio layout how is the connection, and the configuration.

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: IP communicator with VPN

Pls remove the following from the 877 router:

ip route 172.16.1.0 255.255.255.0 10.10.10.10

Also your UC520 also have the NAT configuration that needs to be changed:

ip nat inside source list 1 interface FastEthernet0/0 overload

--> ACL 1, should be changed to ACL 150 as follows:

access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255

access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any


ip nat inside source list 150 interface FastEthernet0/0 overload

no ip nat inside source list 1 interface FastEthernet0/0 overload

6 REPLIES
Super Bronze

Re: IP communicator with VPN

As per your topology, your voice subnet (10.1.1.0/24) is currently the same as your VPN IP pool subnet (10.1.1.x) . You would need to change the VPN IP Pool subnet to a unique subnet so routing will work.

Further to that, you would also need to change the following ACL 1 assigned to your NAT:

ip nat inside source list 1 interface Dialer0 overload

Currently ACL 1 (standard ACL):

access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255

Should be changed to ACL 150 (extended ACL):

access-list 150 deny ip 10.10.10.0 0.0.0.255

access-list 150 deny ip 10.10.11.0 0.0.0.255 

access-list 150 deny ip 10.1.1.0 0.0.0.255 

access-list 150 permit ip 10.10.10.0 0.0.0.255 any

access-list 150 permit ip 10.10.11.0 0.0.0.255 any

Hope that helps.

New Member

Re: IP communicator with VPN

hi,

Thank you for reply. I change it as you tell me and it is working, but now we have the IP communicator keep shows register not taken extension. Any idea.

Super Bronze

Re: IP communicator with VPN

Please also make sure that UC520 default route is the 877 router, OR/ alternatively UC520 needs to have route for the new ip pool subnet to point

towards 877 router (10.10.10.1).

Also, I assume that you have removed "ip nat inside source list 1 interface Dialer0 overload", and replaced it with "ip nat inside source list 150 interface Dialer0 overload".

Please share the latest config of 877 and UC520. Thx.

New Member

Re: IP communicator with VPN

I already replaced "ip nat inside source list 1 interface Dialer0 overload" to "ip nat inside source list 150interface Dialer0 overload" and I add one command on router 877 for new subnet "ip route 172.16.1.0 0.0.0.255 10.10.10.10" and on uc520 there is ip defualt route "0.0.0.0 0.0.0.0 10.10.10.1"

Super Bronze

Re: IP communicator with VPN

Pls remove the following from the 877 router:

ip route 172.16.1.0 255.255.255.0 10.10.10.10

Also your UC520 also have the NAT configuration that needs to be changed:

ip nat inside source list 1 interface FastEthernet0/0 overload

--> ACL 1, should be changed to ACL 150 as follows:

access-list 150 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 150 deny ip 10.1.10.0 0.0.0.3 172.16.1.0 0.0.0.255

access-list 150 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.1.10.0 0.0.0.3 any


ip nat inside source list 150 interface FastEthernet0/0 overload

no ip nat inside source list 1 interface FastEthernet0/0 overload

New Member

Re: IP communicator with VPN

It is working now, thank you very very much for your help you are the best.

regards.

571
Views
20
Helpful
6
Replies