Cisco Support Community
New Member

Routing problem for Cisco newbie

Hello,

I'm fairly new to Cisco IOS, and currently have a problem with a setup for an 877. This 877 is the default gateway for a network, and also has a LAN-to-LAN VPN to my home that works. The problem is that I can resolve and ping hosts on the internet from the 877 itself, but not from any host on its VLAN. I can also reach the 877 and the hosts on the VLAN from the LAN on the other side of the LAN-to-LAN VPN.

adsl#show ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

80.0.0.0/32 is subnetted, 1 subnets

C 80.101.177.108 is directly connected, Dialer0

S 192.168.4.0/24 [1/0] via 192.168.6.1

S 192.168.5.0/24 [1/0] via 192.168.6.1

C 192.168.6.0/24 is directly connected, Vlan1

194.109.5.0/32 is subnetted, 1 subnets

C 194.109.5.213 is directly connected, Dialer0

S 192.168.7.0/24 [1/0] via 192.168.6.1

S 192.168.1.0/24 [1/0] via 192.168.6.1

S 192.168.2.0/24 [1/0] via 192.168.6.1

S* 0.0.0.0/0 is directly connected, Dialer0

3 REPLIES
Hall of Fame Super Silver

Re: Routing problem for Cisco newbie

Hello Jacco,

From your config I see that the following is missing:

route-map SDM_RMAP_1 definition

add:

route-map SDM_RMAP_1 permit 10

match ip address 1

so the NAT will start to work and hosts in the LAN will be able to ping hosts on the internet.

It looks like you used SDM to create this config

Hope to help

Giuseppe

New Member

Re: Routing problem for Cisco newbie

This helped indeed for the NAT part, but now the VPN tunnel doesn't work anymore. Indeed the setup was done by SDM, since I'm not confident enough with the CLI yet, and have had little time to learn.

Hall of Fame Super Silver

Re: Routing problem for Cisco newbie

Hello Jacco,

You need to use an extended ACL and deny the traffic that will go over the VPN.

access-list 100 remark IPSec Rule

access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255

so traffic from 192.168.6.0/24 to 192.168.20.0/24 has to be denied when defining what to NAT

access-list 161 deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 161 permit ip 192.168.6.0 0.0.0.255 any

route-map SDM_RMAP_1 permit 10

match ip address 161

Hope to help

Giuseppe
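
Why the tunnel broke after the first fix and why ACL 161 repairs it, as an added example that is not part of the original thread: IOS translates inside-to-outside traffic before it checks the crypto ACL, so a NAT rule that matches on source only rewrites VPN-bound packets and they no longer match access-list 100. The contents of ACL 1 are not shown in the thread and are assumed here, and the outside address and internet host are constructed placeholders.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
OUTSIDE_IP = "203.0.113.1"  # constructed placeholder for the Dialer0 address

ACL_1_ASSUMED = ["access-list 1 permit 192.168.6.0 0.0.0.255"]  # assumption, not on the page
ACL_100 = ["access-list 100 remark IPSec Rule",                 # crypto ACL from the thread
           "access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255"]
ACL_161 = ["access-list 161 deny ip 192.168.6.0 0.0.0.255 192.168.20.0 0.0.0.255",
           "access-list 161 permit ip 192.168.6.0 0.0.0.255 any"]  # NAT ACL from the thread

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(tok):
    """Return (action, src, dst) for a standard or extended 'ip' entry."""
    if tok[3] == "ip":  # extended entry: source and destination
        dst = ANY if tok[6] == "any" else (tok[6], tok[7])
        return tok[2], (tok[4], tok[5]), dst
    return tok[2], (tok[3], tok[4]), ANY  # standard entry: source only

def acl_permits(acl, src_ip, dst_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        tok = line.split()
        if tok[2] == "remark":
            continue
        action, src, dst = parse_ace(tok)
        if wildcard_match(src_ip, *src) and wildcard_match(dst_ip, *dst):
            return action == "permit"
    return False

def outbound_path(nat_acl, src_ip, dst_ip):
    """Return (translated, encrypted) for a packet leaving via Dialer0."""
    translated = acl_permits(nat_acl, src_ip, dst_ip)
    if translated:
        src_ip = OUTSIDE_IP  # NAT overload rewrites the source first
    encrypted = acl_permits(ACL_100, src_ip, dst_ip)  # crypto check sees the new source
    return translated, encrypted

if __name__ == "__main__":
    for name, acl in (("ACL 1 (assumed)", ACL_1_ASSUMED), ("ACL 161", ACL_161)):
        for dst in ("192.168.20.5", "198.51.100.7"):  # remote LAN host, internet host
            print(name, "->", dst, outbound_path(acl, "192.168.6.10", dst))
```
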
