I am a real amateur here. I have configured a cisco VPN server, group and user on an SRP527W, ADSL2+ AnnexA, 802.11n ETSI, 2FXS/1FXO. I can connect from my PC with the Cicso VPN client on it (I get the banner) but I cannot ping into the local network at all. Once I do get in I will be using shares to work on files or VNC to take over a CAD workstation.
I am sure I just have not set up something but I don't know where to look. My local network is 192.168.15.***
Please put me right.
My setup is
Try changing the starting IP address to 192.168.15.0, that way the VPN clients will get an IP address in the same network as the locally connected machines.
Since you say you are able to connect it all looks correct to me except you are handing out a a different subnet to your VPN clients.
One other thing I wanted to mention is that once it is up and working you will be able to access file shares from the computers on the local network, however you usually have to do it by IP address instead of the computer's name. So, for example, instead of //Server1/Sharename you would have to use //192.168.1.10/Sharename to access those shares.
Let me know how that goes.
Network Support Engineer - Cisco Small Business Support Center
*please rate helpful posts*
It appears that the VPN client must be on a separate network to any VLAN: If I try an address range matching a local VLAN I get this:
I was careful to select a range within 192.168.15 that was not allocated to anything.
The main thing to watch out for, is that the DNS server you hand out to the VPN pool, is on the same network as your VPN pool, or local subnet. Then dns resolution will work. Also if you want to browse by name, then add a WINS server to the list.
If you cannot ping the hosts (by IP address) on the local network, then it sounds like you have a NAT problem. which have to be invetsigated further, or an ACL which is prohibiting the ping, or a workstation firewall which is blocking the ping response.
The DNS server I allocated was 192.168.15.1 which is the router itself and is on VLAN1.
The router looks out to 22.214.171.124 which is the DNS server provided by the ISP.
the setup of VLAN1 is this:
While in the local network I can ping many devices, but not when I am outside looking in with VPN Client. I think that the problem lies in my setup of the Cisco not in the local network.
If in the firewall I untick 'Filter Anonymous Internet Requests' then I can ping the router itself on its WAN address but I still cannot see anything on the 192.168.15 network.
I am also unable to ping out to 192.168.0.100 (the address of the VPN client) from within the local network.
then you must have a NAT (or more precise a No_NAT) problem.
dont allow ping to the WAN interface.
have a look at your ACL list
you should have denies for all your vpn addresses, the an allow all
or run the vpn wizard again, it should ask you about not NATing communications between the 2 networks.
thanks for the help but not working yet.
My NAT setup looks like this:
I tried enabling all the ALG items but still did not get any ping through. I note in the VPN client status that:
Only the discarded packets counter is moving, the others are 0
Route details are empty.
I have no ports forwarded. Should I?
This router does not seem to have a VPN wizard.
I also have InterVLan disabled to keep the guest VLAN away from the internal one. The router does not have a proper Guest system so I used this to isolate the guest LAN:
It turned out to be the Cisco VPN client. As they won't give it to small users (I tried to buy it too) I eventually found the ShrewSoft one. This connects in fine.