
Could you help me with Easy VPN?

Dear all,

Could you help me with Easy VPN?

Now, from the picture, the client @ branch site can access the server @ HQ site via local IP from the VPN connection, but the server @ site cannot access the client's local IP address.

I attach a picture for this. Could you please advise about the configuration?

Many thanks for your kind support.

Now I have reconfigured until the tunnel connects:

BLP-MK#sh crypto sess

Crypto session current status

Interface: Dialer0

Session status: UP-ACTIVE    

Peer: 180.180.246.229 port 500

  IKEv1 SA: local 180.183.235.18/500 remote 180.180.246.229/500 Active

  IPSEC FLOW: permit ip 10.33.103.0/255.255.255.0 10.0.254.0/255.255.255.0

        Active SAs: 2, origin: crypto map

But I cannot connect from the client @ branch to the server @ HQ.

Could you please advise on my config?

Hello.

Regarding your original configuration:

On the client side you need to change mode to "network-ext".

The current mode, "client", is some sort of NAT into the IP address the client received from the EzVPN server.

But my concern is your NAT configuration.

You need to review NAT and ensure that inter-site traffic is never NATed.
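The two changes suggested in the reply above, as an added IOS configuration sketch that is not taken from the poster's attached configuration. The subnets and `Dialer0` come from the `sh crypto sess` output in this thread; the names `EZVPN-BRANCH`, `NAT-BRANCH` and `NAT-HQ`, the HQ interface placeholder, and the use of interface-overload NAT for Internet access are assumptions.

```cisco
! Added example: object names are hypothetical, NAT style is assumed.
!
! --- Branch router (BLP-MK) ---
! "client" mode hides the branch LAN behind the address assigned by the
! EzVPN server; network-extension keeps the real branch LAN addresses,
! so HQ hosts can initiate connections to 10.33.103.0/24.
crypto ipsec client ezvpn EZVPN-BRANCH
 mode network-extension
!
! NAT exemption: inter-site traffic is denied from translation so it still
! matches the IPsec flow 10.33.103.0/24 <-> 10.0.254.0/24.
ip access-list extended NAT-BRANCH
 remark Never translate branch-to-HQ traffic
 deny   ip 10.33.103.0 0.0.0.255 10.0.254.0 0.0.0.255
 remark Translate everything else for Internet access
 permit ip 10.33.103.0 0.0.0.255 any
!
ip nat inside source list NAT-BRANCH interface Dialer0 overload
!
! --- HQ router ---
! Mirror image of the branch ACL; without it, replies from the HQ server
! are translated before encryption and no longer match the tunnel.
ip access-list extended NAT-HQ
 remark Never translate HQ-to-branch traffic
 deny   ip 10.0.254.0 0.0.0.255 10.33.103.0 0.0.0.255
 remark Translate everything else for Internet access
 permit ip 10.0.254.0 0.0.0.255 any
!
! <HQ-OUTSIDE-INTERFACE> is a placeholder for the HQ Internet-facing interface.
ip nat inside source list NAT-HQ interface <HQ-OUTSIDE-INTERFACE> overload
```

After a test ping between the two LANs, `show ip nat translations` on each router should contain no entry for the inter-site addresses.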

Thank you for your kind support.

First, I think I don't have a static IP @ client side, so I use EzVPN. But when I try to use IPsec with dynamic. Because I don't want to use NAT.

Now I use the new configuration. If I want to use only routing, can I connect to the local IP addresses on both sides without NAT?

Could you advise on my configuration?

Hello, Siriphan.

Could you please clarify your requirements?

Is the branch's WAN IP address public (or private)?

Is the branch's WAN IP address static (or dynamic)?

How many sites do you have?

Do you have any other requirements for the design?

Why do you use that strange configuration mixing public and internal IP addresses:

interface GigabitEthernet0/1

description LAN Link to LAN-Network

ip address 10.0.254.254 255.255.255.0 secondary

ip address 180.180.246.229 255.255.255.252

Why do you apply the crypto map (HQ device) on G0/0, but the default route goes via G0/0?

Are you configuring real devices (or is it your lab)?

Regarding your new config: does your client have a static IP address?

Or is it changing every time you reconnect?

If it's static and public (not from RFC1918) then it's better to configure VTI.

How many branches do you have?

Why do you use Easy VPN?
