Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client connect to CISCO 887 VPN Server but I can't ping Local LAN

Hi

my scenario is as follows


SERVER1 on lan (192.168.1.4)

|

|

CISCO-887 (192.168.1.254)

|

|

INTERNET

|

|

VPN Cisco client on windows 7 machine


My connection have public ip address assegned by ISP, after ppp login.

I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).


All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.


But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN. I can't even ping the gateway 192.168.1.254


I'm using Cisco VPN client (V5.0.07) with "IPSec over UDP NAT/PAT".


What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)

Perhaps ACL problem?


Building configuration...


Current configuration : 4921 bytes

!

! Last configuration change at 14:33:06 UTC Sun Jan 26 2014 by NetasTest

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname TestLab

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login ciscocp_vpn_xauth_ml_1 local

aaa authentication login ciscocp_vpn_xauth_ml_2 local

aaa authorization exec default local

aaa authorization network ciscocp_vpn_group_ml_1 local

aaa authorization network ciscocp_vpn_group_ml_2 local

!

!

!

!

!

aaa session-id common

memory-size iomem 10

!

crypto pki trustpoint TP-self-signed-3013130599

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3013130599

revocation-check none

rsakeypair TP-self-signed-3013130599

!

!

crypto pki certificate chain TP-self-signed-3013130599

certificate self-signed 01

3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33303133 31333035 3939301E 170D3134 30313236 31333333

35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30313331

33303539 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100A873 940DE7B9 112D7C1E CEF53553 ED09B479 24721449 DBD6F559 1B9702B7

9087E94B 50CBB29F 6FE9C3EC A244357F 287E932F 4AB30518 08C2EAC1 1DF0C521

8D0931F7 6E7F7511 7A66FBF1 A355BB2A 26DAD318 5A5A7B0D A261EE22 1FB70FD1

C20F1073 BF055A86 D621F905 E96BD966 A4E87C95 8222F1EE C3627B9A B5963DCE

AE7F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

551D2304 18301680 14E37481 4AAFF252 197AC35C A6C1E8E1 E9DF5B35 27301D06

03551D0E 04160414 E374814A AFF25219 7AC35CA6 C1E8E1E9 DF5B3527 300D0609

2A864886 F70D0101 05050003 81810082 FEE61317 43C08637 F840D6F8 E8FA11D5

AA5E49D4 BA720ECB 534D1D6B 1A912547 59FED1B1 2B68296C A28F1CD7 FB697048

B7BF52B8 08827BC6 20B7EA59 E029D785 2E9E11DB 8EAF8FB4 D821C7F5 1AB39B0D

B599ECC1 F38B733A 5E46FFA8 F0920CD8 DBD0984F 2A05B7A0 478A1FC5 952B0DCC

CBB28E7A E91A090D 53DAD1A0 3F66A3

quit

!

!

!

!

!

!

no ip domain lookup

ip cef

no ipv6 cef

!

!

license udi pid CISCO887VA-K9 sn ***********

!

!

username ******* secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw

username ******* secret 4 Qf/16YMe96arcCpYI46YRa.3.7HcUGTBeJB3ZyRxMtE

!

!

!

!

!

controller VDSL 0

!

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group EXTERNALS

key NetasTest

dns 8.8.4.4

pool VPN-Pool

acl 120

crypto isakmp profile ciscocp-ike-profile-1

match identity group EXTERNALS

client authentication list ciscocp_vpn_xauth_ml_2

isakmp authorization list ciscocp_vpn_group_ml_2

client configuration address respond

virtual-template 1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

mode tunnel

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

mode tunnel

!

crypto ipsec profile CiscoCP_Profile1

set transform-set ESP-3DES-SHA1

set isakmp-profile ciscocp-ike-profile-1

!

!

!

!

!

!

!

interface Ethernet0

no ip address

shutdown

!

interface ATM0

no ip address

no atm ilmi-keepalive

hold-queue 224 in

pvc 8/35

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Virtual-Template1 type tunnel

ip address 192.168.2.1 255.255.255.0

tunnel mode ipsec ipv4

tunnel protection ipsec profile CiscoCP_Profile1

!

interface Vlan1

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname ****

ppp chap password 0 *********

ppp pap sent-username ****** password 0 *******

no cdp enable

!

ip local pool VPN-Pool 192.168.2.210 192.168.2.215

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

!

ip nat inside source list 100 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

access-list 100 remark

access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 100 remark

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

access-list 120 remark

access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

!

!

!

!

!

line con 0

exec-timeout 5 30

password ******

no modem enable

line aux 0

line vty 0 4

password ******

transport input all

!

!

end

Best Regards,

Everyone's tags (2)
477
Views
0
Helpful
0
Replies
CreatePlease to create content