Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ping on VPN gives only one reply

Hi

I have a VP using a 891 router.  Behind the router are two netwroks that connect to the router.  Internally, communication is fine.  When I have the network in building A on the router by itself I can ping the server through the tunnel.  However, when I connect building B to the router I get the same resuklt when pinigng the server in either building:  one reply followed by three time outs. 

Any ideas what might be causing this?

Thanks

Michael

Everyone's tags (1)
3 REPLIES

Re: Ping on VPN gives only one reply

Post our config for review

Sent from Cisco Technical Support iPad App

New Member

Ping on VPN gives only one reply

Here is the config:

Building configuration...

Current configuration : 7328 bytes
!
! Last configuration change at 17:33:11 PCTime Wed Dec 7 2011 by crabbe
! NVRAM config last updated at 17:33:11 PCTime Wed Dec 7 2011 by crabbe
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$M5QF$R9yVGIaK9YHzouQZzD.mW1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone PCTime -4
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
!
crypto pki trustpoint TP-self-signed-606235526
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-606235526
revocation-check none
rsakeypair TP-self-signed-606235526
!
!
crypto pki certificate chain TP-self-signed-606235526
certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 36303632 33353532 36301E17 0D313131 32303531 34333835
  315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3630 36323335
  35323630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B1526FB2 2F2C4FD2 6707731D 581BEBFE AC36DA3A 2AED3500 11393125 321FCFC9
  F4FD879F 1F562C6E A2827CAA 7A358BF4 D0CFE448 5073AE35 F0E6D311 091418B7
  3EB64233 FA2AD226 0C331D10 78C90100 5BED78BA FB524B01 ED187A54 26722104
  7C890EA0 C8BF4AD6 34B9E943 7CC5CE2B 3CBCC0CA DEF5FB0D AB8B053E 355C0E67
  02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
  11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
  0603551D 23041830 168014DD 7B72D10A 73B26F20 6B504FCE 966C35D5 20E71630
  1D060355 1D0E0416 0414DD7B 72D10A73 B26F206B 504FCE96 6C35D520 E716300D
  06092A86 4886F70D 01010405 00038181 0022AE37 47DD08A8 820152E3 E766A67E
  76A3E654 3A575127 59168FCE ABDB0368 0BEEC68F F7855BAD 47014983 BB10BCB8
  FF2E804C 48201B1D F29A04D3 39AE77F0 81D36B5D D2E399A8 DA5B5F8D F935342B
  1F908BDB A012FAC4 3C5AC055 E51EC6E0 D1BF72C0 F16880D9 AA7E35BC 690D46CA
  25D7F892 A2C54CDA DBB2E405 07F82173 F9
   quit
no ip source-route
!
!
ip dhcp excluded-address 172.16.0.1 172.16.10.0
ip dhcp excluded-address 172.16.10.101 172.16.255.254
!
ip dhcp pool ccp-pool1
   import all
   network 172.16.0.0 255.255.0.0
   default-router 172.16.0.1
   dns-server 198.164.30.2 198.164.4.2
   lease 30
!
!
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server 198.164.4.2
ip name-server 192.168.2.1
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn FGL154723N5
!
!
username crabbe privilege 15 secret 5 $1$b1am$6OFgLWcNvW5BDCuNVLh4g/
username DCrabbe privilege 0 secret 5 $1$Fpyt$hp8FzILRixBMvw6NnOfZI/
!
!
ip tcp synwait-time 10
no ip ftp passive
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group production
key !CrabbeBristolLum!
pool SDM_POOL_1
max-users 2
netmask 255.255.0.0
crypto isakmp profile ciscocp-ike-profile-1
   match identity group production
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
connect manual
group production key !CrabbeBristolLum!
mode network-extension
peer 172.16.0.1
virtual-interface 2
xauth userid mode http-intercept
!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
description $ES_WAN$
ip address 192.168.2.25 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
!
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
!
interface Virtual-Template2 type tunnel
tunnel mode ipsec ipv4
!
!
interface GigabitEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 172.16.0.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1 inside
!
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
!
ip local pool SDM_POOL_1192.168.254.1 192.168.254.254

ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 192.168.2.1 2
!

!
logging trap debugging
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.254.1 0.0.255.255
no cdp run

!
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

when I do a IPCONFIG the local connection is:

Ip address 172.16.10.1

subnet  255.255.0.0

default gateway nothing listed

nothing vpn connection:

ip address  172.16.254.1

subnet  255.255.0.0

default gateway 172.16.254.1

New Member

Ping on VPN gives only one reply

Just to update, plese ignore the IPCONFIG portion of the previous post.  That information is inaccurate.

Michael

624
Views
0
Helpful
3
Replies