Beginner

telnet issue with private ip while no issue with public ip

Dear all,

I need your help. I have an IPsec split tunnel with a branch router. Once I put in the IPsec parameters and establish the IPsec tunnel, the LAN (private address) does not work properly: sometimes telnet to the LAN IP works, but the session frequently terminates, while the WAN (public) works smoothly with no telnet issue. Second, I am also facing packet drops on the LAN but no drops on the WAN. I need your suggestions, please.

1 ACCEPTED SOLUTION
VIP Advocate

Re: telnet issue with private ip while no issue with public ip

Hi,

Please share your VPN Configuration.

 

Regards,

Deepak Kumar

Beginner

Re: telnet issue with private ip while no issue with public ip

Dear team,

Please find it below:

crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2
crypto isakmp key abraj address 62.149.81.49
!
!
crypto ipsec transform-set new esp-aes 256 esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to62.149.81.49
set peer 62.149.81.49
set transform-set new
match address 100
!
!
!
!
interface FastEthernet0/0
description WAN-PORT-FDR15-Sw1-4/47
ip address 10.16.118.100 255.255.255.0
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
description LAN-PORT-FDR15-Sw1-4/48
ip address 10.64.77.10 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.16.118.250
ip route 10.65.168.0 255.255.255.0 10.10.20.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/0 overload
!
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 101 remark CCP_ACL Category=16
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 101 permit ip 10.64.77.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=16
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
!
route-map SDM_RMAP_2 permit 1
match ip address 101
!
!
!

VIP Mentor

Re: telnet issue with private ip while no issue with public ip

Hello,

Try and make the split tunnel access lists exact mirrors of each other. So, make access list 101 look like below:

--> no access-list 101

access-list 101 deny ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.64.77.0 0.0.0.255 any
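
A static check of the "mirror" relationship discussed above, as an added example that is not part of the original thread: it parses the crypto ACL (100) and the NAT route-map ACL (101) from the posted configuration and reports any protected flow that would match a NAT `permit` before a `deny`. The function names and the simplified first-match model (network/wildcard sources only, no `host` keyword) are assumptions of this example.

```python
import ipaddress
import re

# ACL lines copied from the configuration posted in this thread (remarks omitted).
DESTS = ["10.64.4.0 0.0.3.255", "10.65.168.0 0.0.0.255", "10.67.33.0 0.0.0.255",
         "172.25.124.0 0.0.0.255", "10.67.32.0 0.0.0.255", "10.2.1.0 0.0.0.255"]
CONFIG = "\n".join(
    [f"access-list 100 permit ip 10.64.77.0 0.0.0.255 {d}" for d in DESTS]
    + [f"access-list 101 deny ip 10.64.77.0 0.0.0.255 {d}" for d in reversed(DESTS)]
    + ["access-list 101 permit ip 10.64.77.0 0.0.0.255 any"])

RULE = re.compile(r"access-list (\d+) (permit|deny) ip (\S+ \S+) (any|\S+ \S+)$")

def net(spec):
    """'10.64.4.0 0.0.3.255' (IOS wildcard mask) or 'any' -> ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    return ipaddress.ip_network(f"{addr}/{wildcard}")  # hostmask form is accepted

def parse(config):
    acls = {}
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if m:  # remark lines and everything else are skipped
            num, action, src, dst = m.groups()
            acls.setdefault(num, []).append((action, net(src), net(dst)))
    return acls

def audit(config, crypto="100", nat="101"):
    """Return (flows NATed before encryption, NAT denies with no crypto permit)."""
    acls = parse(config)
    flows = [(s, d) for a, s, d in acls.get(crypto, []) if a == "permit"]
    natted = []
    for src, dst in flows:
        for action, rs, rd in acls.get(nat, []):  # first match wins
            if not (src.overlaps(rs) and dst.overlaps(rd)):
                continue
            if action == "permit":
                natted.append(f"{src} -> {dst}")
                break
            if src.subnet_of(rs) and dst.subnet_of(rd):
                break  # fully exempted from NAT
    orphans = [f"{s} -> {d}" for a, s, d in acls.get(nat, [])
               if a == "deny" and (s, d) not in flows]
    return natted, orphans

if __name__ == "__main__":
    print(audit(CONFIG))
```

On the posted configuration both lists come back empty: every flow in ACL 100 already has a matching `deny` in ACL 101 ahead of the final `permit`, and the two lists differ only in order.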

Beginner

Re: telnet issue with private ip while no issue with public ip

Hi,

I tried the same as you provided, but the issue with telnet and packet drops is still there.
