https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313712#M969682 <HTML><HEAD></HEAD><BODY><P>You are most welcome. </P><P></P><P>Have a good day ahead..</P><P></P><P>Regards</P><P>M</P></BODY></HTML> Mon, 16 Nov 2009 13:01:30 GMT mopaul 2009-11-16T13:01:30Z https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313709#M969675 <P>Hi, I need help with the IPsec VPN configuration on router 2811. I want to allow communication between VPN clients, is this possible? I know that in ASA you can do this by using command "same-security-traffic permit intra-interface". </P><P></P><P>The fact is each Client has IP communicator installed but when they tried to make call between each other it failed. I assume this is because the connectivity between them is not ok because of the VPN connection.</P><P></P><P>Thanks in advance...</P> Fri, 21 Feb 2020 11:47:52 GMT https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313709#M969675 prachaya_k 2020-02-21T11:47:52Z https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313710#M969677 <HTML><HEAD></HEAD><BODY><P>Hi ,</P><P></P><P>Try this :-</P><P></P><P></P><P>ip local pool ippool 192.168.1.1 192.168.1.5</P><P></P><P>access-list 1 permit host 192.168.1.2 &lt;&lt;&lt; vpn ip addr of client 1</P><P>access-list 1 permit host 192.168.1.3 &lt;&lt;&lt; vpn ip addr of client 2</P><P>access-list 1 permit 10.10.10.0 0.0.0.255</P><P>&lt;&lt;&lt; LAN behind the router.</P><P></P><P>crypto isakmp client configuration group vpnclient</P><P> key cisco123</P><P> acl 1 &lt;&lt;&lt; binding the acl 1</P><P>!</P><P>--------Done-------------</P><P></P><P>If you are doing NAT on router then you might want to exempt your VPN traffic from being NAt'd.</P><P></P><P>Assuming the NAT statement on your router is </P><P></P><P>ip nat inside source list 111 interface FastEthernet1/0 overload</P><P>!</P><P></P><P>!--- The access list is used to specify which traffic </P><P>!--- is to be translated for the outside Internet.</P><P> </P><P></P><P>access-list 111 deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255</P><P>access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255</P><P></P><P>Above two statements are exempting the traffic from Nat.</P><P></P><P>access-list 111 permit ip 10.10.10.0 0.0.0.255 any &lt;&lt;&lt;, permits NAT.</P><P></P><P>I would like to know if this worked for you.</P><P></P><P>Regards</P><P>M</P></BODY></HTML> Sun, 15 Nov 2009 06:43:28 GMT https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313710#M969677 mopaul 2009-11-15T06:43:28Z https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313711#M969679 <HTML><HEAD></HEAD><BODY><P>Problem solved, Thank you very much!</P></BODY></HTML> Mon, 16 Nov 2009 04:37:59 GMT https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313711#M969679 prachaya_k 2009-11-16T04:37:59Z https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313712#M969682 <HTML><HEAD></HEAD><BODY><P>You are most welcome. </P><P></P><P>Have a good day ahead..</P><P></P><P>Regards</P><P>M</P></BODY></HTML> Mon, 16 Nov 2009 13:01:30 GMT https://community.cisco.com/t5/network-security/need-help-ios-ipsec-configuration-to-allow-communication-between/m-p/1313712#M969682 mopaul 2009-11-16T13:01:30Z