Re: VPN Client not able to ping VPN Server VLAN

dgfhunter · ‎08-08-2023

Hi, I have a 2 Cisco Routers, one is acting as a VPN Server, and the other is acting as a VPN Client. The VPN Client is able to connect to the VPN Server successfully, as shown here:

VPNClientSite1#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : vpnclient
Inside interface list: Vlan1
Outside interface: FastEthernet0/1 
Current State: IPSEC_ACTIVE
Last Event: SOCKET_UP
Address: 192.168.2.116 (applied on Loopback10000)
Mask: 255.255.255.255
DNS Primary: 3.149.11.10
Default Domain: ISTAR.GEO.CAN
Save Password: Disallowed
Current EzVPN Peer: X.X.X.X

Any help would be greatly appreciated...

Here is my client router config:

version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPNClientSite1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 ****
enable password ****
!
no aaa new-model
!
!
!
!         
!         
!         
!         
!         
!         
!         
!         
!         
          
          
!         
!         
!         
!         
ip cef    
no ipv6 cef
!         
multilink bundle-name authenticated
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
crypto ipsec client ezvpn vpnclient
 connect auto
 group VPNGROUP key ****
 mode client
 peer X.X.X.X
 username vpnuser password ****
 xauth userid mode local
!         
!         
!         
!         
!         
!         
interface FastEthernet0/0
 ip address 10.3.1.0 255.255.0.0
 duplex half
 speed auto
!         
interface FastEthernet0/1
 ip address dhcp
 duplex auto
 speed auto
 crypto ipsec client ezvpn vpnclient
!         
interface FastEthernet0/2
 switchport mode access
 no ip address
!         
interface FastEthernet0/3
 switchport mode access
 no ip address
!         
interface FastEthernet0/4
 switchport mode access
 no ip address
!         
interface Vlan1
 ip address 3.150.100.0 255.255.0.0
 crypto ipsec client ezvpn vpnclient inside
!         
ip forward-protocol nd
!         
!         
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 dhcp
!         
ipv6 ioam timestamp
!         
!         
!         
control-plane
!         
!         
!         
!         
!         
!         
line con 0
 no modem enable
line aux 0
line vty 0 4
 password ****
 login    
 transport input none
!         
!         
end

Here is the interface configuration:

VPNClientSite1#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.3.1.0        YES NVRAM  down                  down    
FastEthernet0/1            192.168.2.2     YES DHCP   up                    up      
FastEthernet0/2            unassigned      YES unset  up                    up      
FastEthernet0/3            unassigned      YES unset  down                  down    
FastEthernet0/4            unassigned      YES unset  down                  down    
Loopback10000              192.168.2.116   YES TFTP   up                    up      
NVI0                       10.3.1.0        YES unset  up                    up      
Vlan1                      3.150.100.0     YES NVRAM  up                    up

More info:

VPNClientSite1#show ip cef 3.149.11.1 internal
0.0.0.0/0, epoch 0, flags [defrt], RIB[S], refcnt 5, per-destination sharing
  sources: RIB, DRH
  feature space:
    IPRM: 0x00048000
  ifnums:
    FastEthernet0/1(3): 192.168.2.1
  path list 922EC25C, 3 locks, per-destination, flags 0x69 [shble, rif, rcrsv, hwcn]
    path 92F6A788, share 1/1, type recursive, for IPv4
      recursive via 192.168.2.1[IPv4:Default], fib 922ECBAC, 1 terminal fib, v4:Default:192.168.2.1/32
      path list 9230C334, 2 locks, per-destination, flags 0x49 [shble, rif, hwcn]
          path 9230C7AC, share 1/1, type adjacency prefix, for IPv4
            attached to FastEthernet0/1, IP adj out of FastEthernet0/1, addr 192.168.2.1 811B6040
  output chain:
    IP adj out of FastEthernet0/1, addr 192.168.2.1 811B6040

VPNClientSite1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.2.1
      3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        3.150.0.0/16 is directly connected, Vlan1
L        3.150.101.0/32 is directly connected, Vlan1
      192.168.2.0/24 is variably subnetted, 3 subnets, 2 masks
C        192.168.2.0/24 is directly connected, FastEthernet0/1
L        192.168.2.2/32 is directly connected, FastEthernet0/1
C        192.168.2.116/32 is directly connected, Loopback10000

Thank you!

dgfhunter · ‎08-08-2023

I forgot to mention that I am unable to ping the VPN Server Vlan1 (3.149.11.1) from the VPN Client Router Vlan1 (3.150.100.1) or from the vpn client router at all...