Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

We replaced a router with upgraded OS and VPN stopped working

We have an ASA5520 with VPN working fine.

outside host <---> ASA (10.100.0.2/24) <---> (10.100.0.1) Router (10.4.1.1/16) <---> (10.4.1.x) inside Host

We replaced the router, which upgraded the OS from v12.2 to v15.0. We duplicated all the addressing and routing statements from the old router. Now the VPN still connects but the outside host can't ping the inside host anymore. The outside host can't ping any further than the inside interface of the router (10.4.1.1). The Router can ping the outside host, so I know the tunnel is up.

I suspect there is a difference in the OS versions that is tripping us up. Perhaps in the way that we have reused the 10.x.x.x address range?

I've attached the router config.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

We replaced a router with upgraded OS and VPN stopped working

Am I correct in understanding that 10.4.200.0 is the address range used for the VPN address pool? So the outside host is getting address 10.4.200.x and is attempting to ping 10.4.1.x?

Based on this assumption I am going to guess that the issue may be with this:

interface GigabitEthernet0/1

no ip proxy-arp

I suggest that you try enabling proxy arp on the inside interface. Give it a try and let us know if it helps.

HTH

Rick

4 REPLIES
Hall of Fame Super Silver

We replaced a router with upgraded OS and VPN stopped working

Am I correct in understanding that 10.4.200.0 is the address range used for the VPN address pool? So the outside host is getting address 10.4.200.x and is attempting to ping 10.4.1.x?

Based on this assumption I am going to guess that the issue may be with this:

interface GigabitEthernet0/1

no ip proxy-arp

I suggest that you try enabling proxy arp on the inside interface. Give it a try and let us know if it helps.

HTH

Rick

New Member

We replaced a router with upgraded OS and VPN stopped working

Your assumption is correct about the address range. The ip proxy-arp solved the big problem. Thank you!

We have some other issues because our network is more complicated than I presented. I'll post a new entry if we run into any more road blocks.

Hall of Fame Super Silver

We replaced a router with upgraded OS and VPN stopped working

I am glad that my suggestion pointed you to a successful solution of your problem. Thank you for using the rating system to mark the question as answered (and thanks for the points). It makes the forum more useful when people can read about an issue and can know that a solution was found. Your marking has contributed to this process.

This forum is an excellent resource and I encourage you to continue to use it and to post questions when you run into issues.

HTH

Rick

We replaced a router with upgraded OS and VPN stopped working

Rick rules

222
Views
0
Helpful
4
Replies
CreatePlease login to create content