02-21-2013 07:21 AM - edited 03-04-2019 07:06 PM
Hello ,
I set up a lab scenario for IPsec remote access using the Cisco client under GNS3. The topology of my lab is quite simple: we connect the router to my PC's loopback card, and the Cisco client uses a preshared key to establish a session to the router. I succeed in establishing the connection and I get an IP address from the pool configuration, but I was unable to ping the loopback interface of my router. The problem seems to be related to my PC, because no packets are captured when I ping from the PC to the router's loopback (20.20.20.20). Briefly, the IPsec session is established but without any reachability from the PC to the router (ICMP).
Router configuration :
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
!
aaa authentication login AAA-VPN local
aaa authorization network AAA-VPN local
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
username adnane password 0 adnane
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnall
key adnane
pool VPNPOOL
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynamp 10
set transform-set myset
!
!
crypto map dynamp client authentication list AAA-VPN
crypto map dynamp isakmp authorization list AAA-VPN
crypto map dynamp client configuration address respond
crypto map dynamp 10 ipsec-isakmp dynamic dynamp
!
crypto map vpn client authentication list AAA-VPN
crypto map vpn isakmp authorization list AAA-VPN
crypto map vpn client configuration address respond
interface Loopback0
ip address 20.20.20.20 255.255.255.255
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.0
duplex auto
speed auto
crypto map dynamp
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
ip local pool VPNPOOL 30.30.30.1 30.30.30.254
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
control-plane
line con 0
line aux 0
line vty 0 4
end
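As an added troubleshooting aid that is not part of the original post: before changing the configuration, the following IOS show/debug commands tell you on which side of the tunnel the ICMP packets are being lost. The command names and the `#pkts encaps` / `#pkts decaps` counters are standard IOS output; the interpretation comments assume the lab exactly as posted (client pool 30.30.30.0/24, loopback 20.20.20.20, crypto map `dynamp` on FastEthernet0/0).

```cisco
! 1. Is phase 1 up?  Expect a QM_IDLE entry for the client's address.
show crypto isakmp sa
!
! 2. Is phase 2 up, and in which direction do packets flow?
!    Under the SA for the client's pool address, compare the counters:
!      #pkts encaps: ...  (router -> client, encrypted by the router)
!      #pkts decaps: ...  (client -> router, decrypted by the router)
!    decaps staying at 0 while the client pings means the echo requests
!    never reach the router: the problem is on the PC / adapter side.
!    decaps rising while encaps stays at 0 means the router received the
!    requests but its replies are not going back through the tunnel.
show crypto ipsec sa
!
! 3. Confirm that decrypted echo requests are handed to the router's
!    IP stack (run the ping from the client while this is enabled).
debug ip icmp
! ... ping 20.20.20.20 from the client ...
undebug all
!
! 4. Note on the posted config: only "crypto map dynamp" is applied to
!    FastEthernet0/0; the three "crypto map vpn ..." lines are not bound
!    to any interface and therefore play no part in this lab.
```

Reading the two counters together is the quickest way to separate a client-side capture problem (no decaps at all, which matches what the Wireshark observation in this thread suggests) from a routing or policy problem on the router (decaps without encaps).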
02-21-2013 08:47 AM
Hi,
You need to add a split tunnel to be able to access the internal network:
access-list 120 permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255
http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml#con4
Sent from Cisco Technical Support iPhone App
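As an added example, not taken from the reply above or from the linked Cisco document: this is how the split-tunnel access list from the reply is wired into the original poster's configuration. The access list names the networks behind the router that the client should reach through the tunnel, and it is attached to the client group with the `acl` keyword so the router pushes it to the Cisco VPN client during mode-config. The group name `vpnall`, the pool `VPNPOOL` and the addresses are taken from the posted config; the rest of that config is assumed unchanged.

```cisco
! Split-tunnel ACL: source = network(s) behind the router that the client
! should reach through the tunnel, destination = the client address pool.
access-list 120 permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255
!
! Attach the ACL to the client group. The Cisco VPN client then installs a
! route for 20.20.20.0/24 only via its VPN adapter instead of a default
! route, so internet traffic keeps using the PC's normal gateway.
crypto isakmp client configuration group vpnall
 key adnane
 pool VPNPOOL
 acl 120
```

After the change, disconnect and reconnect the client so the new split-tunnel list is pushed, then check the client's route table: the only route through the VPN adapter should be 20.20.20.0/24.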
02-22-2013 02:00 AM
The split tunneling feature allows us to access the internet and the remote VPN LAN simultaneously. Normally, when we apply an access list to our crypto, the default route in our PC towards the VPN virtual adapter is removed. But my problem is not accessing the internet and the VPN at the same time; I'm stuck passing ping packets from the PC to the router loopback. Even though our default gateway is our VPN adapter, when doing Wireshark between the VPN adapter and the GNS3 routers, no ICMP packets pass in either direction.
02-22-2013 03:14 AM
Are you able to ping the loopback interface from the router?
02-22-2013 03:23 AM
Yes, sure.
02-22-2013 04:19 AM
Hello ,
Actually, it works for me, but instead of using the MS loopback interface to connect my Cisco client to the GNS3 router, I use VMnet8 and launch the Cisco VPN client from a VM. The ping passes from the VM to the router without problem. Maybe it is an issue with the MS loopback interface.
Thanks for all.