02-05-2016 01:44 AM - edited 03-05-2019 03:16 AM
The client receives the address from the VPN pool (192.168.10.3/24). Pings reach the VPN Server local interface (192.168.20.10), but I can't ping the Server (192.168.20.15) from the client PC. It is also impossible to ping from the VPN Server to the Client PC when it gets the IP address (192.168.10.3).
How do I get access from the PC Client to Server using a VPN server?
The scheme is not changed.
02-05-2016 10:30 AM
Can you post your 2811 (VPN Server) router configuration?
If I had to guess, your router is network translating the 192.168.20.x traffic to the public IP NAT pool or overload interface IP address before it is reaching your VPN client network of 192.168.10.x.
You will need to exempt NAT for 192.168.20.x destined for 192.168.10.x.
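The NAT exemption described in this reply, written out as an added example that is not part of the original post. The posted running-config contains no NAT statements, so the `ip nat` commands and the ACL name NAT_OVERLOAD are assumptions; the subnets and interface names are the ones given in this thread.

```cisco
! Added example (assumed NAT setup; none exists in the posted running-config).
! Inside LAN 192.168.20.0/24 on FastEthernet0/0, public side on FastEthernet0/1,
! VPN client pool 192.168.10.0/24.
!
interface FastEthernet0/0
 ip nat inside
!
interface FastEthernet0/1
 ip nat outside
!
! NAT ACL WITHOUT an exemption: replies from 192.168.20.15 to a VPN client
! match the permit and are translated to the outside address, so the client
! never sees a reply from 192.168.20.15.
!   ip access-list extended NAT_OVERLOAD
!    permit ip 192.168.20.0 0.0.0.255 any
!
! NAT ACL WITH the exemption: the deny entry is evaluated first, so LAN-to-VPN
! traffic is left untranslated; everything else from the LAN is overloaded
! onto the outside interface address.
ip access-list extended NAT_OVERLOAD
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
!
ip nat inside source list NAT_OVERLOAD interface FastEthernet0/1 overload
!
! Checks after applying:
!   show ip nat translations        (no entries toward 192.168.10.x expected)
!   show access-lists NAT_OVERLOAD  (deny counter rises during client pings)
```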
02-07-2016 07:16 PM
sh running-config:
hostname VPN_Server
!
aaa new-model
!
aaa authentication login vpn_xauth_1 local
aaa authorization network vpn_group_1 local
!
ip cef
!
username test privilege 15 password test
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group remote-clients
 key ju2399kjlljs9
 domain test.com
 pool VPN_POOL
 acl 100
crypto isakmp profile ike-profile-1
 match identity group remote-clients
 client authentication list vpn_xauth_1
 isakmp authorization list vpn_group_1
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set SET esp-3des esp-sha-hmac
!
crypto ipsec profile Cisco_Profile1
 set transform-set SET
 set isakmp-profile ike-profile-1
!
interface FastEthernet0/0
 ip address 192.168.20.10 255.255.255.0
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 ip address 218.18.18.40 255.255.255.0
 ip access-group outside_in in
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile Cisco_Profile1
!
ip local pool VPN_POOL 192.168.10.2 192.168.10.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 218.18.18.1
!
!
ip http server
no ip http secure-server
!
ip access-list extended outside_in
 permit tcp host 218.18.20.30 host 218.18.18.40 eq 22
 permit udp any host 218.18.18.40 eq isakmp
 permit udp any host 218.18.18.40 eq non500-isakmp
 permit icmp host 218.18.20.30 host 218.18.18.40
 permit tcp any any established
 deny ip any any
!
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
02-07-2016 07:24 PM
Can you tell me what kind of NAT command to add? Give an example in this scheme.
02-07-2016 09:05 PM
I solved this problem. I changed the VPN pool to 192.168.20.20 192.168.20.30. It is working well. But now I want to NAT all clients through the external interface. How can I do it?