09-08-2014 07:56 AM - edited 03-05-2019 06:53 AM
Hello all
I can successfully establish a VPN connection using the Cisco VPN client, but I cannot access any resources on the remote site, nor can I ping anything.
The device running the EASYVPN server is a Cisco 881.
I would appreciate some help here.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group GROUPVPN
 key Password1
 dns 10.10.10.1 8.8.8.8
 pool SDM_POOL_3
 acl 100
crypto isakmp profile ciscocp-ike-profile-1
 match identity group GROUPVPN
 client authentication list ciscocp_vpn_xauth_ml_3
 isakmp authorization list ciscocp_vpn_group_ml_3
 client configuration address respond
 virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA2
 set isakmp-profile ciscocp-ike-profile-1
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip local pool SDM_POOL_3 10.10.20.10 10.10.20.20
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat inside source list 199 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
!
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 199 remark CCP_ACL Category=18
access-list 199 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 199 permit ip 10.10.10.0 0.0.0.255 any
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet
 transport output telnet
!
scheduler allocate 20000 1000
!
end
09-10-2014 12:52 AM
The configuration is good. The NAT exemption is configured as expected. It does not look like a configuration issue.
Check the default gateway on the host that you are trying to ping and make sure it is pointing to the router.
If it is a Windows PC, then check if Windows Firewall is enabled. That can cause issues.
On the client PC, make sure that the IP on the local adapter is not in the same subnet as that of the VPN pool.
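Two of the checks from the reply above (the NAT exemption for the VPN pool, and the client's local subnet not colliding with the pool) can be verified offline against the posted configuration. This is an added example, not part of the original thread; the function names, the LAN host 10.10.10.50 and the client address 192.168.1.23/24 are assumptions chosen for illustration.

```python
import ipaddress
import re

# Lines copied from the configuration in the question.
CONFIG = """\
ip local pool SDM_POOL_3 10.10.20.10 10.10.20.20
ip nat inside source list 199 interface FastEthernet4 overload
access-list 199 remark CCP_ACL Category=18
access-list 199 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 199 permit ip 10.10.10.0 0.0.0.255 any
"""
ACE = re.compile(r"access-list (\d+) (permit|deny) ip (\S+) (\S+) (any|\S+ \S+)")

def wildcard_net(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (contiguous wildcards only)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acl(config, number):
    """Return [(action, src_net, dst_net)] in configured order; remark lines are skipped."""
    entries = []
    for num, action, src, wc, dst in ACE.findall(config):
        if int(num) == number:
            any_net = ipaddress.ip_network("0.0.0.0/0")
            dst_net = any_net if dst == "any" else wildcard_net(*dst.split())
            entries.append((action, wildcard_net(src, wc), dst_net))
    return entries

def parse_pool(config, name):
    m = re.search(rf"ip local pool {re.escape(name)} (\S+) (\S+)", config)
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))

def nat_action(acl, src, dst):
    """First match wins: 'permit' = translated, 'deny' = exempt (also the implicit default)."""
    return next((a for a, s, d in acl if src in s and dst in d), "deny")

def pool_is_nat_exempt(config, acl_number, pool, lan_host):
    """True if traffic from lan_host to every pool address bypasses the overload NAT."""
    acl = parse_acl(config, acl_number)
    first, last = parse_pool(config, pool)
    src = ipaddress.ip_address(lan_host)  # hypothetical host on the Vlan1 subnet
    return all(nat_action(acl, src, ipaddress.ip_address(h)) == "deny"
               for h in range(int(first), int(last) + 1))

def client_overlaps_pool(client_iface, config, pool):
    """True if the client's own LAN (e.g. '192.168.1.23/24') contains pool addresses."""
    first, last = parse_pool(config, pool)
    net = ipaddress.ip_interface(client_iface).network
    return first in net or last in net
```

For the posted configuration, `pool_is_nat_exempt(CONFIG, 199, "SDM_POOL_3", "10.10.10.50")` returns `True`, which agrees with the reply's reading that the NAT exemption is in place.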