Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
632
Views
0
Helpful
1
Comments

ezvpn can not ping internal network

guangfu_chen
Level 1
Level 1

on ‎08-13-2012 07:24 PM

Topology:  ISP---2811---Juniper--inside network

I have configured ezvpn  on 2811,  and can dial successfully,but   can't  ping inside interface of 2811

I don't know  why ,  please help me

Labels:
133280-CDG2811 0814.zip
0 Helpful
Comments
Patrick Moubarak
Level 4
Level 4
‎10-04-2012 09:53 AM

Hi,

I think you are missing the NAT Exemption part of your configuration. Try creating an ACL that denies traffic source internal networks destination VPN subnet from being NATted; then change your nat statement from source list (ACL) to source route-map which references the ACL.

I read somewhere that Cisco recommends using source route-map instead of source ACL for additional configuration flexibility...

access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 100 permit ip any any

route-map NAT_EXEMPT permit 10

match ip address 100

ip nat inside source route-map NAT_EXEMPT interface FastEthernet0/1 overload

Hope this resolves the problem...

Patrick

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents