Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN between Cisco 877 and Cisco Small Business SRP527W Up but unable to ping client.

Hi,

I have an IP Sec VPN between a Cisco 877 and a Cisco Small Business SRP527W. We can ping the private IP of the remote router but nothing beyond them. E.g. we can ping the default gateway of the remote PC e.g. 192.168.0.1 but are unable to ping the PC on 192.168.0.3.

Any ideas / hints greatly appreciated.

Thanks,


Craig.

2 REPLIES
Cisco Employee

Re: VPN between Cisco 877 and Cisco Small Business SRP527W Up bu

Hello,

Do you have NAT configured on the remote end? Have you excluded VPN traffic

from NAT rules?

Regards,

NT

New Member

Re: VPN between Cisco 877 and Cisco Small Business SRP527W Up bu

Hi, I didn’t configure the router but I have had a look and this is the VPN NAT config:

ip nat inside source route-map no-nat interface Dialer0 overload

access-list 120 remark SDM_ACL Category=18

access-list 120 remark IPSec Rule

access-list 120 deny   ip 172.27.27.0 0.0.0.31 192.168.179.0 0.0.0.255

access-list 120 deny   ip 172.27.27.0 0.0.0.31 192.168.175.0 0.0.0.255

access-list 120 deny   ip 172.27.27.0 0.0.0.31 192.168.176.0 0.0.0.255

access-list 120 deny   ip 172.27.27.0 0.0.0.31 192.168.177.0 0.0.0.255

access-list 120 deny   ip 172.27.27.0 0.0.0.31 192.168.178.0 0.0.0.255

access-list 120 deny   ip 172.27.27.0 0.0.0.31 192.178.179.0 0.0.0.255

access-list 120 permit ip 172.27.27.0 0.0.0.31 any

route-map no-nat permit 1

match ip address 120

match interface Dialer0

The hub subnet is

172.27.27.0

The following are the remote sites.

192.168.179.0

192.168.175.0

192.168.176.0

192.168.177.0

192.168.178.0

192.168.179.0

Before I make changes I'm sure the lines:

access-list 120 deny   ip 172.27.27.0 0.0.0.31 192.168.xxx.0 0.0.0.255

need to be:

access-list 120 permit ip 172.27.27.0 0.0.0.31 192.168.xx.0 0.0.0.255

?

274
Views
0
Helpful
2
Replies
CreatePlease login to create content