Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

cannot access remote lan cisco 881 easyvpn

Hello all

I can successfully establish a vpn connection using the cisco vpn client but i cannot access any resources on the remote site, nor can i ping anything.
The device running the EASYVPN server is cisco 881.

I would i appreciate some help here.

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group GROUPVPN
 key Password1
 pool SDM_POOL_3
 acl 100
crypto isakmp profile ciscocp-ike-profile-1
   match identity group GROUPVPN
   client authentication list ciscocp_vpn_xauth_ml_3
   isakmp authorization list ciscocp_vpn_group_ml_3
   client configuration address respond
   virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA2
 set isakmp-profile ciscocp-ike-profile-1

interface FastEthernet0
 no ip address
interface FastEthernet1
 no ip address
interface FastEthernet2
 no ip address
interface FastEthernet3
 no ip address
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
 ip address
 ip nat inside
 ip virtual-reassembly in
ip local pool SDM_POOL_3
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source list 199 interface FastEthernet4 overload
ip route
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip
access-list 199 remark CCP_ACL Category=18
access-list 199 deny   ip
access-list 199 permit ip any

mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
mgcp profile default

line con 0
 no modem enable
line aux 0
line vty 0 4
  transport input telnet
 transport output telnet
scheduler allocate 20000 1000

Everyone's tags (3)
New Member

The configuration is good.

The configuration is good. The Nat exemption is configure as expected. Does not look like a configuration issue.

Check the default gateway on the host that you are tying to ping and make sure it is pointing to the router.

If it is a windows PC then check if windows firewall is enabled. That can cause issues. 

On the Client PC make sure that the IP on the local adapter is not in the same subnet as that of the vpn pool.


CreatePlease to create content