cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
538
Views
0
Helpful
3
Replies

IPSec VPN Connectivity Issue

tkatsiaounis
Level 1
Level 1

Ok i have the following configuration. One asa 5540 is the vpn server and through site to site vpn's some cisco 2811 routers connect to it. All cisco routers have the same ip in their internal interface so i am nat'ing them to another ip to connect to the vpn. The same goes for the servers behind. So we have

ip nat inside source static 10.0.10.10 10.1.89.10

ip nat inside source static 10.0.10.30 10.1.89.30

Where .10 is the server and .30 is the router. The vpn comes up and i can pint from the server to my internal network lets say to server 10.0.20.10. From server 10.0.20.10 i can ping both the nat'ed ip's. However i cannot ping 10.0.20.10 from the routers. Also i try pinging 10.1.89.10 on the router and it pings fine. On the other hand pinging 10.1.89.30 does not when 10.0.10.30 does. PLEASE HELP. I need the router to be able to communicate with 10.0.20.10 sever.

Thanks in advance.

1 Accepted Solution

Accepted Solutions

andrew.prince
Level 10
Level 10

Since you are natting, and you are using the same LAN ip subnet in the routers (very bad desgin) try using an extended ping from the pool of nat addresses on the lan interface.

View solution in original post

3 Replies 3

andrew.prince
Level 10
Level 10

Since you are natting, and you are using the same LAN ip subnet in the routers (very bad desgin) try using an extended ping from the pool of nat addresses on the lan interface.

My goal is to have full connectivity and not just ping. I will try though. As far as the design is concerned thank god it was not mine. And indeed it sucks.

I have tried extended ping and when i specify source ip address 10.0.10.30 it does ping normally. What can i do to establish full connectivity????

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: