VPN client connection to GNS3 router no ping pass

adnane dakna
Level 1

Hello,

I set up a lab scenario for IPsec remote access using the Cisco client under GNS3. The topology of my lab is quite simple: we connect the router to my PC's loopback card, and the Cisco client uses a pre-shared key to establish a session to the router. I succeeded in establishing the connection and I get an IP address from the pool configuration, but I was unable to ping the loopback interface of my router. The problem seems to be related to my PC, because no packets are captured when I ping from the PC to the router's loopback (20.20.20.20). Briefly, the IPsec session is established but without any reachability from the PC to the router (ICMP).

Router configuration:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
!
aaa authentication login AAA-VPN local
aaa authorization network AAA-VPN local
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
username adnane password 0 adnane
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnall
 key adnane
 pool VPNPOOL
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynamp 10
 set transform-set myset
!
!
crypto map dynamp client authentication list AAA-VPN
crypto map dynamp isakmp authorization list AAA-VPN
crypto map dynamp client configuration address respond
crypto map dynamp 10 ipsec-isakmp dynamic dynamp
!
crypto map vpn client authentication list AAA-VPN
crypto map vpn isakmp authorization list AAA-VPN
crypto map vpn client configuration address respond
interface Loopback0
 ip address 20.20.20.20 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 duplex auto
 speed auto
 crypto map dynamp
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip local pool VPNPOOL 30.30.30.1 30.30.30.254
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
control-plane
line con 0
line aux 0
line vty 0 4
end


Abzal
Level 7

Hi,

You need to add a split tunnel to be able to access the internal network:

access-list 120 permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml#con4

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal
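
How the access list from the reply above would be attached to the `vpnall` group in the posted configuration, followed by the router-side checks for a tunnel that is up but passes no ping. This is an added example, not part of the original reply; the key, pool name and ACL number are the ones already shown on this page.

```cisco
! Split-tunnel ACL from the reply: source is the network behind the router,
! destination is the client address pool (VPNPOOL, 30.30.30.0/24).
access-list 120 permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255
!
! Bind the ACL to the client group so it is pushed to the VPN client
! during mode configuration.
crypto isakmp client configuration group vpnall
 key adnane
 pool VPNPOOL
 acl 120
!
! Checks to run on the router while the client pings 20.20.20.20:
!   show crypto isakmp sa  -> the client's SA should be in state QM_IDLE
!   show crypto ipsec sa   -> "#pkts decaps" should increase with each ping;
!                             if it stays at 0, no ESP traffic from the
!                             client is reaching the router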

The split tunneling feature allows us to access the internet and the remote VPN LAN simultaneously. Normally, when we apply an access list to our crypto, the default route on our PC to the VPN virtual adapter is removed, but my problem is not accessing the internet and the VPN at the same time. I'm stuck on passing ping packets from the PC to the router's loopback: even though our default gateway is the VPN adapter, when running Wireshark between the VPN adapter and the GNS3 router, no ICMP packets pass in either direction.

Are you able to ping the loopback interface from the router?

Jawad

Yes, sure.

Hello,

Actually it works for me, but instead of using the MS loopback interface to connect my Cisco client to the GNS3 router, I use VMnet8 and launch the Cisco VPN client from a VM. The ping passes from the VM to the router without a problem; maybe it is an issue with the MS loopback interface.

Thanks for all.
