VPN - Almost have this working I'm so close but need help!!

cfletcher32
Level 1

I have a site-to-site IPsec VPN set up. The tunnel is up.

I can ping the other side from the router with "ping 172.16.175.5 source 192.168.9.1"; it also works with source 192.168.10.1.

That command comes back with a success. The problem is that I can't ping the remote LAN from any of the client computers connected to the router. It just times out.

The gateway on the clients is the router's inside IP, 192.168.10.1.

I am able to connect to the internet and ping the local LAN from all the clients.

Here's my config. (IPs are masked for security reasons.)

 

Current configuration : 3019 bytes
!
! Last configuration change at 20:57:58 UTC Wed May 9 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CP-RT-01
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 u/DpzaRng4tz3KhoLiS9QFFXLoQBXqKuI55fQ0lSEaQ
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
ip cef
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.99
!
ip dhcp pool dpool10
 import all
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.40 192.168.10.41
!
ip dhcp pool dpool9
 import all
 network 192.168.9.0 255.255.255.0
 default-router 192.168.9.1
 dns-server 8.8.8.8 8.8.4.4
!
!
no ip domain lookup
ip domain name xxxxxxxxxxx.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO3825 sn FTX1325AHNF
archive
 log config
  hidekeys
!
redundancy
!
!
!
!
crypto isakmp policy 100
 encr aes
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp key xxxxxxxx address a.b.c.d no-xauth
!
!
crypto ipsec transform-set aesset esp-aes esp-sha-hmac
!
crypto map aesmap 100 ipsec-isakmp
 set peer a.b.c.d
 set transform-set aesset
 set pfs group14
 match address acl_vpn
!
!
!
!
!
!
interface GigabitEthernet0/0
 description LAN DATA
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.9
 description LAN VOICE
 encapsulation dot1Q 9
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 description WAN
 ip address a.b.c.e 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 crypto map aesmap
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list acl_nat interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 a.b.c.f
ip route 172.16.175.0 255.255.255.0 GigabitEthernet0/1
ip route 172.16.250.0 255.255.255.0 GigabitEthernet0/1
!
ip access-list extended acl_nat
 deny   ip 192.168.10.0 0.0.0.255 172.16.175.0 0.0.0.255
 deny   ip 192.168.9.0 0.0.0.255 172.16.175.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 172.16.250.0 0.0.0.255
 deny   ip 192.168.9.0 0.0.0.255 172.16.250.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.9.0 0.0.0.255 any
ip access-list extended acl_vpn
 permit ip 192.168.10.0 0.0.0.255 172.16.175.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 172.16.175.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 172.16.250.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 172.16.250.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password xxxssxxx
 login
 transport input telnet ssh
line vty 5 924
 password xxxxxxx
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

3 Replies

cfletcher32
Level 1

No one knows? Would really appreciate some help.

Hi,
I'll try to assist. Do you control the other end of the tunnel? If so, can you provide that config?
Can you run "debug ip icmp" on the router, ping from a client computer, and provide the output? If possible, run the same debug on both routers and provide the output.

cfletcher32
Level 1

I figured it out.

I had 2 IP routes sending VPN traffic over the outside interface.

All is working now.
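Added check, not from the thread or from Cisco: a small Python linter over a constructed excerpt of the config above. It flags the fault found here (a static route for a crypto-ACL destination that points at the outside interface rather than a next hop) and the other usual reason router-sourced pings work while LAN hosts time out, crypto-ACL traffic with no matching deny in the NAT ACL. The excerpt deliberately omits the acl_nat deny for 172.16.250.0/24 so the second check has something to report; the ACL and route parsing are assumptions about the IOS syntax shown on this page.

```python
import ipaddress
import re

# Constructed excerpt modelled on the thread's config (one acl_nat deny left out on purpose)
CONFIG = """\
crypto map aesmap 100 ipsec-isakmp
 match address acl_vpn
ip nat inside source list acl_nat interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 a.b.c.f
ip route 172.16.175.0 255.255.255.0 GigabitEthernet0/1
ip access-list extended acl_nat
 deny   ip 192.168.10.0 0.0.0.255 172.16.175.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended acl_vpn
 permit ip 192.168.10.0 0.0.0.255 172.16.175.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 172.16.250.0 0.0.0.255
"""
ACE_RE = re.compile(r"^\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s*(\S+)?")
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)", re.M)
IFACE_RE = re.compile(r"^[A-Za-z][A-Za-z-]*\d")  # GigabitEthernet0/1, Tunnel0, Vlan9 ...

def net(addr, mask):
    # ipaddress accepts both an IOS netmask (255.255.255.0) and a wildcard (0.0.0.255)
    return ipaddress.ip_network("0.0.0.0/0") if addr == "any" else ipaddress.ip_network(f"{addr}/{mask}")

def parse(config):
    acls, current = {}, None
    for line in config.splitlines():
        if line.startswith("ip access-list extended "):
            current = line.split()[-1]
            acls[current] = []
        elif line and not line[0].isspace():
            current = None  # any other top-level command ends the ACL block
        elif current and (m := ACE_RE.match(line)):
            acls[current].append((m[1], net(m[2], m[3]), net(m[4], m[5])))
    routes = [(net(a, m), nh) for a, m, nh in ROUTE_RE.findall(config)]
    crypto_acl = re.search(r"^\s+match address (\S+)", config, re.M)[1]
    nat_acl = re.search(r"^ip nat inside source list (\S+)", config, re.M)[1]
    return acls, routes, crypto_acl, nat_acl

def lint(config):
    """Flag static routes that send VPN-bound traffic out an interface, and VPN flows not exempted from NAT."""
    acls, routes, crypto_acl, nat_acl = parse(config)
    vpn = [(s, d) for act, s, d in acls[crypto_acl] if act == "permit"]
    bad_routes = [f"route {p} points at interface {nh} but covers a VPN destination"
                  for p, nh in routes if IFACE_RE.match(nh) and any(p.overlaps(d) for _, d in vpn)]
    not_exempt = [f"VPN flow {s} -> {d} has no deny in {nat_acl}; it will be NATed"
                  for s, d in vpn
                  if not any(a == "deny" and s.subnet_of(ns) and d.subnet_of(nd) for a, ns, nd in acls[nat_acl])]
    return bad_routes + not_exempt
```

Run lint() over a full "show running-config" capture to get both kinds of finding; the default route via a next-hop IP is correctly left alone.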
