02-21-2013 07:21 AM - edited 03-04-2019 07:06 PM
Hello,
I set up a lab scenario for IPsec remote access using the Cisco client under GNS3. The topology of my lab is quite simple: we connect the router to my PC's loopback card, and the Cisco client uses a pre-shared key to establish a session to the router. I succeed in establishing the connection and I get an IP address from the pool configuration, but I was unable to ping the loopback interface of my router. The problem seems to be related to my PC, because no packets are captured when I ping from the PC to the router's loopback (20.20.20.20). Briefly, the IPsec session is established but without any reachability from the PC to the router (ICMP).
Router configuration:
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
!
aaa authentication login AAA-VPN local
aaa authorization network AAA-VPN local
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
username adnane password 0 adnane
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnall
key adnane
pool VPNPOOL
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynamp 10
set transform-set myset
!
!
crypto map dynamp client authentication list AAA-VPN
crypto map dynamp isakmp authorization list AAA-VPN
crypto map dynamp client configuration address respond
crypto map dynamp 10 ipsec-isakmp dynamic dynamp
!
crypto map vpn client authentication list AAA-VPN
crypto map vpn isakmp authorization list AAA-VPN
crypto map vpn client configuration address respond
interface Loopback0
ip address 20.20.20.20 255.255.255.255
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.0
duplex auto
speed auto
crypto map dynamp
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
ip local pool VPNPOOL 30.30.30.1 30.30.30.254
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
control-plane
line con 0
line aux 0
line vty 0 4
end
02-21-2013 08:47 AM
Hi,
You need to add a split tunnel to be able to access the internal network
access-list 120 permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255
http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml#con4
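As an added example (not posted by anyone in this thread), here is where the split-tunnel ACL suggested above would attach in the poster's configuration. The group name vpnall, the key and the pool are taken from the router configuration earlier in the thread; the only new lines are the access-list and the acl statement under the group.

```cisco
! Added example: apply the split-tunnel ACL to the client configuration group.
! The source networks in this ACL are what the router pushes to the client as
! the list of destinations to send through the tunnel; 20.20.20.0/24 covers
! the router's Loopback0 (20.20.20.20/32). Traffic to anything not matched
! leaves the PC unencrypted via its normal default route, so keep the list
! limited to the networks the client actually needs.
access-list 120 permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255
!
crypto isakmp client configuration group vpnall
 key adnane
 pool VPNPOOL
 acl 120
```

After the client reconnects, show crypto ipsec sa on the router should list an SA whose local ident is 20.20.20.0/255.255.255.0 and whose remote ident is the client's pool address; if the SA is there but the encrypt/decrypt counters never increase during a ping, the traffic is not reaching the tunnel adapter on the PC side, which is where the original poster's problem turned out to be.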
02-22-2013 02:00 AM
The split tunneling feature allows us to access the internet and the remote VPN LAN simultaneously. Normally, when we apply an access list to our crypto configuration, the default route in our PC to the VPN virtual adapter is removed. But my problem is not accessing the internet and the VPN at the same time; I'm stuck trying to pass ping packets from the PC to the router loopback. Even though the default gateway is our VPN adapter, when doing a Wireshark capture between the VPN adapter and the GNS3 routers, no ICMP packets pass in either direction.
02-22-2013 03:14 AM
Are you able to ping the loopback interface from the router?
02-22-2013 03:23 AM
Yes, sure.
02-22-2013 04:19 AM
Hello,
Actually it works for me, but instead of using the MS loopback interface to connect my Cisco client to the GNS3 router, I use VMnet8 and I launch the Cisco VPN client from a VM. The ping passes from the VM to the router without problem. Maybe it is an issue with the MS loopback interface.
Thanks to all.