
Cisco 881 - Access Gateway from VPN session

Timothy Quinn
Level 1

Good Day,

I have configured my Cisco 881 and finally got past the "Cannot see my network" with IPSec VPN issue.

I have a use case where I need to access the gateway from the VPN session.

When I connect to the VPN using Cisco VPN Client 4.8x, I do not get back a Default Gateway on the VPN Adapter. When I try to ping my LAN Gateway IP (10.20.30.1) it does not respond and I cannot access it with any other tools.

I am pretty sure this is a very ACL issue and it makes sense to hide the gateway by default but the big question is how do I configure my router to see the Gateway and be able to access it from the VPN session?

Please see my cleaned configuration attached.

Network Info:

  • Internet Gateway to ISP: 192.168.68.1
  • DNS: 192.168.2.1
  • WAN Address for Cisco 881: 192.168.68.222
  • LAN Address on Cisco 881: 10.20.30.1
  • DHCP for LAN on Cisco 881: 10.20.30.10 - 10.20.30.50
  • DHCP for IPSec VPN: 10.20.40.10 - 10.20.40.50

Thanks in advance for your assistance!

Regards,

- JsD


[Conclusion]

I verified that configuration now works. I have not gone back to the Easy VPN wizard in Configuration Professional to see if this can be done by default but I don't think that is the case. I think that CP is setting up Virtual Template for VPN by default ...

Please find attached my final config (with passwords cleansed) and also an UltraCompare between the last version and the final working version.

So my warning to other new networking folks out there: don't trust the CP Easy VPN wizard 100%. If you don't know how to set up a VPN by hand, like me, you may need to do the tweaks or get support.

A second thing I noticed during testing: if there are no servers or devices (switches, etc.) connected to the LAN of the router, VLan1 (LAN interface on 881) will go down by default. In this case, the VPN cannot get to the LAN Gateway interface because it is not listening. In order to get VLan1 to listen, you must connect a device to the LAN interfaces and turn them on. This can be confusing in a lab setup where you are using Remote Access to configure and test the router.

Cheers,

- Tim

Pls kindly mark this post as answered so others facing the same issue can follow the workaround provided based on your final configuration.

Great update and explanation btw. Thanks for that.

Thank you for your support

It appears that your ACL tweaks were right on the money too. I played around with those and found that they definitely are required.

Cheers

- Tim
