11-02-2008 10:30 PM - edited 02-21-2020 03:04 AM
Hi Everyone, I followed some sample configs online and configured my c1841 router to acceppt VPN Client connection.
Now I'm able to connect the VPN Client to the router and able to ping the router's LAN IP address, but I couldn't get to any other computers on the remote network.
my VPN Client's address pool is 192.168.88.1 to 192.168.88.254, the remote site LAN IP is 10.88.88.0/24.
Router IP is 10.88.88.1
I turned on debug ip packet, I can see packets come in when I ping the router LAN IP 10.88.88.1, but when I try to ping another IP 10.88.88.5, there is nothing coming in.
The route print on VPN Client computer is correct, nothing wrong, static routes to the remote network are properly added. Trace route shows the first node is the router WAN IP, and the rest time out.
I've attached my conf file, please help me have a look. I've been trying for a few days, but still can't fix.
Thanks in advanced
11-03-2008 12:31 AM
router# sh crypto ipsec sa
interface: Dialer1
Crypto map tag: SDM_CMAP_1, local addr 116.15.132.166
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.88.5/255.255.255.255/0/0)
current_peer 58.185.121.38 port 4888
PERMIT, flags={}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 47
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 116.x.132.166, remote crypto endpt.: 58.x.121.38
path mtu 1452, ip mtu 1452, ip mtu idb Dialer1
current outbound spi: 0xD281D3DD(3531723741)
inbound esp sas:
spi: 0x8809AE23(2282335779)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 3001, flow_id: FPGA:1, crypto map: SDM_CMAP_1
sa timing: remaining key lifetime (k/sec): (4392170/3248)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD281D3DD(3531723741)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 3002, flow_id: FPGA:2, crypto map: SDM_CMAP_1
sa timing: remaining key lifetime (k/sec): (4392178/3248)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
-==========================
here is the strange part, my local ident is 0.0.0.0:
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
11-04-2008 12:04 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide