I have a 2811 router running IOS c2800nm-adventerprisek9-mz.124-22.YB8 with a wireless module (HWIC-AP-G-A) configured with an IPsec VPN.
Because of the wireless module, I believe that I need to have the inside ip address on the BVI.
When I do this, my vpn clients are unable to communicate with computers on the private network.
After a lot of debugging, I believe the reason to be that the BVI does not seem to respond to ARP requests from computers on the private network.
If I put the inside IP address on f0/1, then the VPN works the way it is supposed to, but my wireless clients are unable to get an IP address due to the BVI not having a network presence without an IP address.
debug arp output when I ping the vpn client from a computer on the private net and the inside ip is on f0/1:
Oct 7 00:05:20.075: IP ARP: rcvd req src 10.0.0.102 001c.c0ef.dc08, dst 10.0.0.153 FastEthernet0/1
Oct 7 00:05:20.075: IP ARP: sent rep src 10.0.0.153 001e.f760.8f11,
dst 10.0.0.102 001c.c0ef.dc08 FastEthernet0/1
debug arp output when I ping the vpn client from a computer on the private net and the inside ip is on bvi1:
Oct 7 00:09:22.971: IP ARP: rcvd req src 10.0.0.102 001c.c0ef.dc08, dst 10.0.0.154 BVI1
and no reply is ever sent.
This config works for VPN clients but not for wireless clients:
description House LAN
ip address 10.0.0.1 255.255.255.0
ip nat inside
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
This config works for wireless clients but not for VPN clients: