Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1011
Views
0
Helpful
5
Replies

Unable to ping internet from VPN router

Go to solution
whickwire
Level 1
Level 1

‎06-05-2018 05:37 AM - edited ‎03-08-2019 03:15 PM

I am almost entirely sure my problem is a lack of understanding but hopefully someone can't point me in the right direction.

 

Below is my lab at work that I am doing some testing trying to get my VPN to work. Everything so far works well but a problem I am running into is that Router 2 and my VPN router (which is connected to router 2) are unable to ping the internet. Currently Router 1 is performing NAT on the interface that the WAN is coming into (DHCP). Also it should be noted that there is no tunnel up at this time as I figured a good first step would be getting all the routers access to the WAN. The 3550 and Router 1 both work fine.

 

I'm trying to wrap my head around access-lists so currently on Router1 I have it permit any just to rule out and misconfiguration.

 

Thanks!

 

VPN concept (1).png

Labels:
Preview file
133 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chrihussey
VIP Alumni
VIP Alumni

‎06-05-2018 07:44 AM

So I think I understand the diagram and what you are trying to accomplish. When you say you can't ping the Internet from R2 or the VPN router i assume that is the Internet cloud or the Archer 750. Regardless, I assume those devices only know of R1's F0/0 DHCP address. Perhaps if you also put "ip nat inside" on the S0/0 interface of R1 you may be able to ping?

View solution in original post

0 Helpful
5 Replies 5

Go to solution
chrihussey
VIP Alumni
VIP Alumni

‎06-05-2018 07:44 AM

So I think I understand the diagram and what you are trying to accomplish. When you say you can't ping the Internet from R2 or the VPN router i assume that is the Internet cloud or the Archer 750. Regardless, I assume those devices only know of R1's F0/0 DHCP address. Perhaps if you also put "ip nat inside" on the S0/0 interface of R1 you may be able to ping?

0 Helpful

Go to solution
whickwire
Level 1
Level 1
In response to chrihussey

‎06-05-2018 08:01 AM

You hit the nail on the head.

 

I noticed it in my config and had a ohhhh right moment. Not to bring things off topic but would making a vpn and having it go through nat require a change in the nat rules?

0 Helpful

Go to solution
chrihussey
VIP Alumni
VIP Alumni
In response to whickwire

‎06-05-2018 08:35 AM

I don't see where the VPN gets NATed in the diagram. Is the VPN from R2 to the Internet?

0 Helpful

Go to solution
whickwire
Level 1
Level 1
In response to chrihussey

‎06-05-2018 08:44 AM

I thought because the internet was coming in through the Router 1 and being NAT'd that it might in someway affect making a tunnel from a device that's not directly connected to that router.

 

Does that make sense?

0 Helpful

Go to solution
chrihussey
VIP Alumni
VIP Alumni
In response to whickwire

‎06-05-2018 11:58 AM

So the tunnel connection from the VPN router goes through R1 to the Internet?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card