cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

221
Views
0
Helpful
1
Replies
Highlighted

Unable to Ping TFTP Address

Hello All,

I did IPSEC setup on 1861 & UC520, but I'm Unable to Ping 10.1.1.1 (BVI1) from VLAN1 of 1861 router but we are able to ping BVI2 (192.168.2.1), also i want to Ping 10.1.1.1 (BVI1) from VLAN100 of 1861,

Can anyone suggest me what conf need to be done  for it, I attached conf of both router

Regards

Vikrant

1 REPLY 1
Highlighted
Beginner

Re: Unable to Ping TFTP Address

The nat on the 1861 indicate that the traffic from VLAN1 (192.168.8.0/24) will

get natted when going towards the BVI1 (10.1.1.0/24 network.)

ip access-list extended NAT-ALLOWED
deny   ip 192.168.8.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 any
deny   ip any 10.0.0.0 0.255.255.255

ACL's are processed from top to bottom. the permit statement on line 2 will take effect before the deny statement on line 3.

Also you dont have the crypto ipsec client ezvpn XXXXXXXXXX inside command on SVI VLAN100.

CreatePlease to create content
Content for Community-Ad