Hi,
I have configured my Cisco 1811 router (Lab environment) as follows:

VPN settings for remote clients

crypto isakmp client configuration group 3000client
 key XXXXXX
 dns 8.8.8.8
 domain cisco.local
 pool ippool
 acl 108

VLAN settings

interface FastEthernet7
 switchport access vlan 108
!
interface FastEthernet8
 switchport access vlan 100
!
interface FastEthernet9
 switchport access vlan 66
!
interface Vlan66
 ip address 192.168.7.252 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan100
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
interface Vlan108
 ip address 10.10.10.9 255.255.255.248
!

Split-tunnel ACL for VPN clients

access-list 108 permit ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255

NAT ACL for VPN and local VLANs

ip nat inside source route-map NONAT interface Dialer0 overload
access-list 112 deny ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255
access-list 112 deny ip 192.168.7.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 112 permit ip 10.10.10.0 0.0.0.7 any
route-map NONAT permit 10
 match ip address 112

I understand 10.10.10.7 is the broadcast address of Vlan100.
When I connect a VPN client and ping the remote VLAN 10.10.10.1 and then ping 10.10.10.7, the output is as follows:
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=50ms TTL=255
Pinging 10.10.10.7 with 32 bytes of data:
Reply from 85.176.X.X: bytes=32 time=55ms TTL=255
Question #1: I understand ACL 112 does NAT for 10.10.10.1-6 but not 10.10.10.7. What should ACL 112 look like?
Question #2: Is it normal to get a reply when you ping a broadcast address at all?
Any help is appreciated!
Kind Regards,
Sebastian
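
Added example, not part of the original post: a small first-match evaluator for the ACL 112 lines quoted above, showing which source/destination pairs the NONAT route-map would permit (translate) and which it would not. The function names and the sample addresses 14.1.1.5, 10.10.10.7 (as a source) and 192.168.7.10 are constructed for illustration; the parser handles only the `ADDR WILDCARD` and `any` forms used on this page.

```python
import ipaddress

# ACL 112 exactly as posted above.
ACL_112 = """\
access-list 112 deny ip 10.10.10.0 0.0.0.7 14.1.1.0 0.0.0.255
access-list 112 deny ip 192.168.7.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 112 permit ip 10.10.10.0 0.0.0.7 any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST'; SRC/DST are 'ADDR WILDCARD' or 'any'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        rest, specs = tok[4:], []
        while rest:
            n = 1 if rest[0] == "any" else 2
            specs.append((0, 0xFFFFFFFF) if n == 1 else (_ip(rest[0]), _ip(rest[1])))
            rest = rest[n:]
        rules.append((tok[2], specs[0], specs[1]))
    return rules

def _hit(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must match.
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return action
    return "implicit deny"

def subnet_bounds(addr, mask):
    net = ipaddress.IPv4Interface(f"{addr}/{mask}").network
    return str(net.network_address), str(net.broadcast_address)

if __name__ == "__main__":
    rules = parse_acl(ACL_112)
    # Constructed sample packets: a host per VLAN, toward the 14.1.1.0 range and the Internet.
    for src in ("10.10.10.1", "10.10.10.7", "10.10.10.9", "192.168.7.10"):
        print(src, [evaluate(rules, src, dst) for dst in ("14.1.1.5", "8.8.8.8")])
```

The wildcard 0.0.0.7 covers 10.10.10.0 through 10.10.10.7, so the Vlan100 broadcast address is matched by the same entries as the host addresses. Neither the Vlan108 subnet (10.10.10.8/29) nor Internet-bound traffic from 192.168.7.0/24 reaches a permit entry in ACL 112 as posted.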