Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
312
Views
0
Helpful
1
Replies

Unable to Ping TFTP Address

Vikrant Ambhore
Level 1
Level 1

ā€Ž12-06-2010 03:15 AM - edited ā€Ž03-06-2019 02:22 PM

Hello All,

I did IPSEC setup on 1861 & UC520, but I'm Unable to Ping 10.1.1.1 (BVI1) from VLAN1 of 1861 router but we are able to ping BVI2 (192.168.2.1), also i want to Ping 10.1.1.1 (BVI1) from VLAN100 of 1861,

Can anyone suggest me what conf need to be done  for it, I attached conf of both router

Regards

Vikrant

Labels:
76465-1861.txt.zip
76464-UC 520.txt.zip
0 Helpful
1 Reply 1

Mathias Garcia
Level 1
Level 1

ā€Ž12-09-2010 11:56 AM

The nat on the 1861 indicate that the traffic from VLAN1 (192.168.8.0/24) will

get natted when going towards the BVI1 (10.1.1.0/24 network.)

ip access-list extended NAT-ALLOWED
deny   ip 192.168.8.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 any
deny   ip any 10.0.0.0 0.255.255.255

ACL's are processed from top to bottom. the permit statement on line 2 will take effect before the deny statement on line 3.

Also you dont have the crypto ipsec client ezvpn XXXXXXXXXX inside command on SVI VLAN100.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card