Cisco Support Community

Routing in EasyVPN

Hello.

I have configured Easy VPN on Cisco 2811-K9. VPN works, clients can connect.

This router is also configured for Dynamic VPN (Site-to-site). From this router I can ping any device in remote offices.

But users who connect to this router by Easy VPN cannot ping these devices.

No access lists are in use on the router except the split ACL on the Easy VPN server.

Easy VPN IP - public static 109.......

Easy VPN Pool 172.16.11.20 - 200.

Secured routes to VPN (SPLIT ACL):

Extended IP access list test
    10 permit ip 172.16.11.0 0.0.0.255 any
    20 permit ip 192.168.46.0 0.0.0.255 any
    30 permit ip 10.10.0.0 0.0.255.255 any
    40 permit ip 10.20.0.0 0.0.255.255 any
    50 permit ip 10.46.0.0 0.0.255.255 any
    60 permit ip 10.48.0.0 0.0.255.255 any
    70 permit ip 10.62.1.0 0.0.0.255 any

Routes on client after VPN:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         0.0.0.0          0.0.0.0    192.168.46.21   192.168.46.140     20
        10.10.0.0      255.255.0.0       172.16.0.1     172.16.11.48    100
        10.20.0.0      255.255.0.0       172.16.0.1     172.16.11.48    100
        10.46.0.0      255.255.0.0       172.16.0.1     172.16.11.48    100
        10.48.0.0      255.255.0.0       172.16.0.1     172.16.11.48    100
        10.62.1.0    255.255.255.0       172.16.0.1     172.16.11.48    100
     109.73.46.14  255.255.255.255    192.168.46.21   192.168.46.140    100
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       172.16.0.0      255.255.0.0         On-link      172.16.11.48    276
      172.16.11.0    255.255.255.0       172.16.0.1     172.16.11.48    100
     172.16.11.48  255.255.255.255         On-link      172.16.11.48    276
   172.16.255.255  255.255.255.255         On-link      172.16.11.48    276
     192.168.46.0    255.255.255.0         On-link    192.168.46.140    276
     192.168.46.0    255.255.255.0       172.16.0.1     172.16.11.48    100
    192.168.46.33  255.255.255.255         On-link    192.168.46.140    100
   192.168.46.140  255.255.255.255         On-link    192.168.46.140    276
   192.168.46.140  255.255.255.255       172.16.0.1     172.16.11.48    276
   192.168.46.255  255.255.255.255         On-link    192.168.46.140    276
   192.168.46.255  255.255.255.255       172.16.0.1     172.16.11.48    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.46.140    276
        224.0.0.0        240.0.0.0         On-link      172.16.11.48    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.46.140    276
  255.255.255.255  255.255.255.255         On-link      172.16.11.48    276

As you see, ping for example to 10.10.11.1 must go through:

10.10.0.0      255.255.0.0       172.16.0.1     172.16.11.48    100

But it seems it doesn't go:

Tracing route to 10.10.11.1 over a maximum of 30 hops
  1     *        *        *     Request timed out.
  2     *        *    

Help!
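
An added example, not part of the original post: a Python check of the client-side routing described above, confirming that every split-ACL network has a route on the VPN adapter and showing which route 10.10.11.1 selects. It assumes longest-prefix-then-lowest-metric route selection; the function names are hypothetical, and the data is the post's ACL plus the relevant unicast rows of its route table.

```python
import ipaddress

VPN_IF = "172.16.11.48"  # client's VPN adapter address, from the route table in the post

# Split-ACL entries (network, wildcard mask) copied from the post.
SPLIT_ACL = [("172.16.11.0", "0.0.0.255"), ("192.168.46.0", "0.0.0.255"),
             ("10.10.0.0", "0.0.255.255"), ("10.20.0.0", "0.0.255.255"), ("10.46.0.0", "0.0.255.255"),
             ("10.48.0.0", "0.0.255.255"), ("10.62.1.0", "0.0.0.255")]

# Relevant unicast rows of the client's route table from the post (other rows omitted).
ROUTES = """\
0.0.0.0        0.0.0.0          192.168.46.21  192.168.46.140  20
10.10.0.0      255.255.0.0      172.16.0.1     172.16.11.48    100
10.20.0.0      255.255.0.0      172.16.0.1     172.16.11.48    100
10.46.0.0      255.255.0.0      172.16.0.1     172.16.11.48    100
10.48.0.0      255.255.0.0      172.16.0.1     172.16.11.48    100
10.62.1.0      255.255.255.0    172.16.0.1     172.16.11.48    100
172.16.11.0    255.255.255.0    172.16.0.1     172.16.11.48    100
192.168.46.0   255.255.255.0    On-link        192.168.46.140  276
192.168.46.0   255.255.255.0    172.16.0.1     172.16.11.48    100
"""

def acl_networks(acl=SPLIT_ACL):
    # Cisco wildcard mask -> netmask by inverting the bits.
    inv = lambda w: ipaddress.IPv4Address(int(ipaddress.IPv4Address(w)) ^ 0xFFFFFFFF)
    return [ipaddress.ip_network(f"{a}/{inv(w)}") for a, w in acl]

def parse_routes(text=ROUTES):
    rows = []
    for line in text.splitlines():
        dest, mask, gw, iface, metric = line.split()
        rows.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface, int(metric)))
    return rows

def select_route(dst, routes):
    # Longest prefix wins; equal prefixes are broken by lowest metric.
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def audit(routes):
    via_vpn = {r[0] for r in routes if r[2] == VPN_IF}
    missing = [n for n in acl_networks() if n not in via_vpn]
    # Split networks that are also directly connected on a non-VPN adapter.
    overlap = [n for n in acl_networks()
               if any(r[1] == "On-link" and r[2] != VPN_IF and r[0].overlaps(n) for r in routes)]
    return missing, overlap
```

On this data `audit` returns no missing networks and reports 192.168.46.0/24 as an overlap: it is both a split-ACL entry and the client's directly connected LAN in this capture.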

