
Access from Client to Server by VPN Server

farrukh19911
Level 1

The client receives the address from the VPN pool (192.168.10.3/24). Pings reach the VPN Server local interface (192.168.20.10), but I can't ping the Server (192.168.20.15) from the client PC. It is also impossible to ping from the VPN Server to the Client PC when it gets the IP address (192.168.10.3).

How do I get access from the PC Client to Server using a VPN server? 

The scheme is not changed.

4 Replies

jj27
Spotlight

Can you post your 2811 (VPN Server) router configuration?

If I had to guess, your router is network translating the 192.168.20.x traffic to the public IP NAT pool or overload interface IP address before it reaches your VPN client network of 192.168.10.x.

You will need to exempt NAT for 192.168.20.x destined for 192.168.10.x.

sh running-config:


hostname VPN_Server
!
aaa new-model
!
aaa authentication login vpn_xauth_1 local
aaa authorization network vpn_group_1 local
!
ip cef

!
username test privilege 15 password test

!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group remote-clients
 key ju2399kjlljs9
 domain test.com
 pool VPN_POOL
 acl 100

crypto isakmp profile ike-profile-1
   match identity group remote-clients
   client authentication list vpn_xauth_1
   isakmp authorization list vpn_group_1
   client configuration address respond
   virtual-template 1
!
crypto ipsec transform-set SET esp-3des esp-sha-hmac
!
crypto ipsec profile Cisco_Profile1
 set transform-set SET
 set isakmp-profile ike-profile-1
!

interface FastEthernet0/0
 ip address 192.168.20.10 255.255.255.0
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 ip address 218.18.18.40 255.255.255.0
 ip access-group outside_in in
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile Cisco_Profile1
!
ip local pool VPN_POOL 192.168.10.2 192.168.10.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 218.18.18.1
!
!
ip http server
no ip http secure-server
!
ip access-list extended outside_in
 permit tcp host 218.18.20.30 host 218.18.18.40 eq 22
 permit udp any host 218.18.18.40 eq isakmp
 permit udp any host 218.18.18.40 eq non500-isakmp
 permit icmp host 218.18.20.30 host 218.18.18.40
 permit tcp any any established
 deny   ip any any
!
access-list 100 permit ip 192.168.0.0 0.0.255.255 any

Can you tell me what kind of NAT command to add? Please give an example for this scheme.
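
The NAT exemption jj27 describes, written out as an added example that is not part of the original thread. Interface names and subnets come from the posted configuration; the NAT statements and the ACL name NAT_LAN are assumptions, since the posted running-config contains no NAT commands.

```cisco
! Constructed example, not taken from the thread.
! Assumed: an overload (PAT) rule on FastEthernet0/1 and the ACL name NAT_LAN.
! From the posted config: LAN 192.168.20.0/24 on FastEthernet0/0,
! VPN pool 192.168.10.2-254, public interface FastEthernet0/1.
!
! Without exemption: the NAT ACL selects all LAN traffic for translation,
! including packets addressed to VPN clients.
!
! ip access-list extended NAT_LAN
!  permit ip 192.168.20.0 0.0.0.255 any
!
! With exemption: the deny entry is evaluated first, so LAN traffic
! destined for the VPN pool is never selected for translation and keeps
! its 192.168.20.x source address. Everything else is still translated.
ip access-list extended NAT_LAN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
!
! Translate traffic matching NAT_LAN to the address of the public interface.
ip nat inside source list NAT_LAN interface FastEthernet0/1 overload
!
interface FastEthernet0/0
 ip nat inside
!
interface FastEthernet0/1
 ip nat outside
```

`show ip nat translations` lists the active translations, so a ping from 192.168.20.15 to a VPN client should produce no entry there once the deny line is in place.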

I solved this problem. I changed the VPN pool to 192.168.20.20 192.168.20.30. It is working well. But now I want to NAT all clients through the external interface. How can I do it?
