
New Member

URGENT: Unable to ping vpn client ip from router

Hi guys, I have set up a very simple VPN using Cisco guides on the internet.

I can successfully connect to the Cisco VPN client using the config below.

My client PC gets the IP from the pool, let's say 14.1.1.100

But when I try to ping 14.1.1.100 from the router, there is no reply.

When I ping from the router using the local LAN interface as source, it still doesn't work.

Can someone please look at the config and advise what I have been missing?

The config below works and I have tested it successfully. It sets up the VPN connection but I cannot ping any IP addresses.

Please help. Many thanks, 

=======================Config for vpn connection =============================

!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname vpn2611
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
memory-size iomem 15
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
fax interface-type fax-mail
username cisco password 0 cisco
!
!
!
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 172.18.124.199 no-xauth
!
crypto isakmp client configuration group 3000client
 key cisco123
 dns 10.10.10.10
 wins 10.10.10.20
 domain cisco.com
 pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ipsec-isakmp
 set peer 172.18.124.199
 set transform-set myset
 match address 100
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 speed auto
 half-duplex
 no keepalive
!
interface FastEthernet0/1
 ip address 172.18.124.159 255.255.255.0
 speed 100
 full-duplex
 crypto map clientmap
!
ip local pool ippool 14.1.1.100 14.1.1.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.18.124.1
!
!
ip http server
no ip http secure-server
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
snmp-server community foobar RO
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
!
end

====================================END OF CONFIG ==========================

3 REPLIES
New Member

Re: URGENT: Unable to ping vpn client ip from router

Can someone please help me with this urgently?

Many thanks

New Member

Re: URGENT: Unable to ping vpn client ip from router

Can you ping from the client to the rest of the network? Clients at times have firewalls that won't allow pings to return.

Bronze

Re: URGENT: Unable to ping vpn client ip from router

Hello,

I recommend using an RFC1918 network for your IP pool instead of a publicly routable network such as 14.x.x.x. RFC1918 includes addresses like 10.0.0.0/8, 172.16.0.0 - 172.31.255.255, and 192.168.0.0/16.

You will likely also need to add that new IP pool network to the crypto ACL (100).

James
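
The two checks suggested in the reply above (is the client pool inside RFC1918 space, and is it covered by a destination in crypto ACL 100), written as an added Python example that is not part of the original thread. The function names are hypothetical, and the parser assumes plain `permit ip <net> <wildcard> <net> <wildcard>` ACL entries with contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: the pool and crypto ACL lines from the config posted above.
SAMPLE_CONFIG = """\
ip local pool ippool 14.1.1.100 14.1.1.200
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def wildcard_net(addr, wildcard):
    """Convert an IOS address + wildcard mask (contiguous only) to a network."""
    # Invert the wildcard to get a normal netmask; 0.0.0.0 then means a /32 host.
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def pool_ranges(config):
    """Yield (name, first, last) for every 'ip local pool <name> <first> <last>'."""
    for m in re.finditer(r"^ip local pool (\S+) (\S+) (\S+)\s*$", config, re.M):
        yield m[1], ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])


def acl_destinations(config, acl):
    """Destination networks of 'permit ip <src> <wc> <dst> <wc>' entries."""
    pat = rf"^access-list {acl} permit ip \S+ \S+ (\S+) (\S+)\s*$"
    return [wildcard_net(m[1], m[2]) for m in re.finditer(pat, config, re.M)]


def audit(config, crypto_acl="100"):
    """Return one finding per pool for the two checks named in the reply."""
    dests = acl_destinations(config, crypto_acl)
    findings = []
    for name, first, last in pool_ranges(config):
        # Break the pool range into CIDR blocks so each can be tested for containment.
        nets = list(ipaddress.summarize_address_range(first, last))
        findings.append({
            "pool": name,
            "rfc1918": all(any(n.subnet_of(p) for p in RFC1918) for n in nets),
            "in_crypto_acl": all(any(n.subnet_of(d) for d in dests) for n in nets),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the posted config, both checks come back false for `ippool`: the range 14.1.1.100 - 14.1.1.200 is outside RFC1918 and is not a destination in access-list 100.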
