08-11-2008 11:57 PM - edited 03-03-2019 11:06 PM
Hello,
I'm fairly new to the Cisco IOS, and currently have a problem with a setup for an 877. This 877 is the default gateway for a network, and also has a LAN-to-LAN VPN to my home that works. The problem is that I can resolve and ping hosts on the Internet from the 877 itself, but not from any host on its VLAN. I can also reach the 877 and the hosts on the VLAN from the LAN on the other side of the LAN-to-LAN VPN.
adsl#show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
80.0.0.0/32 is subnetted, 1 subnets
C 80.101.177.108 is directly connected, Dialer0
S 192.168.4.0/24 [1/0] via 192.168.6.1
S 192.168.5.0/24 [1/0] via 192.168.6.1
C 192.168.6.0/24 is directly connected, Vlan1
194.109.5.0/32 is subnetted, 1 subnets
C 194.109.5.213 is directly connected, Dialer0
S 192.168.7.0/24 [1/0] via 192.168.6.1
S 192.168.1.0/24 [1/0] via 192.168.6.1
S 192.168.2.0/24 [1/0] via 192.168.6.1
S* 0.0.0.0/0 is directly connected, Dialer0
08-12-2008 12:44 AM
Hello Jacco,
from your config I see that it is missing the
route-map SDM_RMAP_1 definition
add:
route-map SDM_RMAP_1 permit 10
match ip address 1
so the NAT will start to work and hosts in the LAN will be able to ping hosts on the Internet.
It looks like you used SDM to create this config
Hope to help
Giuseppe
08-13-2008 10:18 AM
This helped indeed for the NAT part, but now the VPN tunnel doesn't work anymore. Indeed the set-up was done by SDM, since I'm not confident enough with the CLI yet, and have had little learning time.
08-13-2008 11:52 AM
Hello Jacco,
you need to use an extended ACL and to deny traffic that will go on the vpn
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255
so traffic from 192.168.6.0/24 to 192.168.20.0/24 has to be denied when defining what to NAT
access-list 161 deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 161 permit ip 192.168.6.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 10
match ip address 161
Hope to help
Giuseppe
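Added example (not part of the original replies): a small Python model of first-match ACL evaluation, run over the ACL 100 and ACL 161 lines posted above, to check that VPN-bound traffic is exempt from NAT while Internet-bound traffic is still translated. The source-only NAT list standing in for the earlier ACL 1, the sample host addresses and all function names are assumptions.

```python
import ipaddress

# ACLs as posted in the thread (IOS extended-ACL syntax with wildcard masks).
CRYPTO_ACL_100 = ["permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255"]
NAT_ACL_161 = ["deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255",
               "permit ip 192.168.6.0 0.0.0.255 any"]
# Assumption: a source-only NAT ACL, standing in for the original ACL 1.
NAT_SOURCE_ONLY = ["permit ip 192.168.6.0 0.0.0.255 any"]

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def hit(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
    return (ip_int(addr) & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for line in acl:
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if proto != "ip":
            raise ValueError("only 'ip' entries are modelled: " + line)
        src_spec, dst_spec = take_addr(tokens), take_addr(tokens)
        if hit(src, src_spec) and hit(dst, dst_spec):
            return action
    return "deny"

def classify(src, dst, nat_acl=NAT_ACL_161, crypto_acl=CRYPTO_ACL_100):
    """Inside-to-outside, NAT is applied before the crypto ACL is checked."""
    natted = evaluate(nat_acl, src, dst) == "permit"
    wanted_by_vpn = evaluate(crypto_acl, src, dst) == "permit"
    if natted and wanted_by_vpn:
        return "nat-breaks-vpn"   # translated source no longer matches ACL 100
    if natted:
        return "nat"
    return "vpn" if wanted_by_vpn else "untranslated"

if __name__ == "__main__":
    for dst in ("192.168.20.5", "198.51.100.7"):   # constructed sample hosts
        print(dst, classify("192.168.6.10", dst, NAT_SOURCE_ONLY),
              classify("192.168.6.10", dst))
```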