05-31-2012 05:43 PM
Experts,
I have an interesting issue: I am able to authenticate and connect my Cisco VPN client to my Cisco 880K9 router.
My internal network is: 10.10.1.0
My VPN IP Pool is: 10.10.2.2-10.10.2.250
My external Public ip address is: 192.198.46.14
When I connect with my vpn client I get my vpn pool address 10.10.2.2.
If I ping my server 10.10.1.2, I get a response from my public IP address.
Example:
Pinging 10.10.1.2 with 32 bytes of data:
Reply from 192.198.46.14: bytes=32 time=45ms TTL=127
Reply from 192.198.46.14: bytes=32 time=50ms TTL=127
Reply from 192.198.46.14: bytes=32 time=42ms TTL=127
Reply from 192.198.46.14: bytes=32 time=45ms TTL=127
I am attaching my configuration file. It is pretty much a copy from the following link:
Thanks for the help
05-31-2012 07:28 PM
Please kindly configure NAT exemption as follows:
access-list 120 deny ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 120 permit ip 10.10.1.0 0.0.0.255 any
ip nat inside source list 120 interface FastEthernet4 overload
no ip nat inside source list 1 interface FastEthernet4 overload
Then clear the translation: clear ip nat trans *
06-01-2012 09:58 AM
Jennifer, thank you very much for the tip, I will schedule the downtime and try this configuration.
06-01-2012 11:43 AM
Jennifer,
Thanks for your help. I can now ping the private IP address with the ACL that you have provided.
My only problem at this moment is that I cannot remote desktop to the server. Any ideas?
Remote desktop does work if I do it from the local lan.
06-01-2012 07:51 PM
The reason why you can't remote desktop is because you have configured the following static PAT statement, which unfortunately takes precedence over your NAT exemption:
ip nat inside source static tcp 10.10.1.2 3389 192.198.46.14 3389 extendable
Do you require RDP with the public IP? If you don't and only require RDP via VPN, then please take the static PAT statement out, and RDP via VPN will work.
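The two answers above rest on two rules of IOS inside-source NAT: a "deny" line in the NAT access-list means "do not translate" (NAT exemption), and a static translation is matched before any dynamic, ACL-driven one. The following Python model is an added example, not part of the thread and not a Cisco IOS emulator; it uses the addresses and rules from the posts (access-list 120, the original access-list 1 and the static PAT for TCP/3389) plus constructed sample flows, and keeps the source port unchanged for overload NAT even though a real router may rewrite it.

```python
"""Simulated evaluation of the NAT rules discussed in this thread (constructed model)."""
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "192.198.46.14"  # outside interface address quoted in the thread


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str = "icmp"
    sport: int = 0
    dport: int = 0


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard-mask match: bits set in the wildcard are 'don't care'."""
    a = int(ipaddress.ip_address(addr))
    n = int(ipaddress.ip_address(network))
    w = int(ipaddress.ip_address(wildcard))
    return (a & ~w) & 0xFFFFFFFF == (n & ~w) & 0xFFFFFFFF


# ACL entries as (action, src, src_wildcard, dst, dst_wildcard); 'any' is 0.0.0.0 / 255.255.255.255
ACL_1 = [  # the original NAT list: everything from the LAN is translated, VPN traffic included
    ("permit", "10.10.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
]
ACL_120 = [  # the NAT exemption list from the answer
    ("deny", "10.10.1.0", "0.0.0.255", "10.10.2.0", "0.0.0.255"),
    ("permit", "10.10.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
]

# ip nat inside source static tcp 10.10.1.2 3389 192.198.46.14 3389 extendable
STATIC_PAT = {("tcp", "10.10.1.2", 3389): (PUBLIC_IP, 3389)}


def acl_action(acl, flow):
    """First matching entry wins; every Cisco ACL ends with an implicit deny."""
    for action, s, swc, d, dwc in acl:
        if wildcard_match(flow.src, s, swc) and wildcard_match(flow.dst, d, dwc):
            return action
    return "deny"


def translate(flow, acl, static_pat=None):
    """Return the (source IP, source port) the destination sees after inside-source NAT."""
    static_pat = static_pat or {}
    if (flow.proto, flow.src, flow.sport) in static_pat:
        # static entries are consulted before the dynamic (ACL) rule
        return static_pat[(flow.proto, flow.src, flow.sport)]
    if acl_action(acl, flow) == "permit":
        # overload: source rewritten to the interface address
        return (PUBLIC_IP, flow.sport)
    # deny in the NAT list = exempt: packet leaves untranslated
    return (flow.src, flow.sport)


if __name__ == "__main__":
    ping_reply = Flow("10.10.1.2", "10.10.2.2")                      # server -> VPN client
    rdp_reply = Flow("10.10.1.2", "10.10.2.2", "tcp", 3389, 50000)   # constructed RDP reply
    print("ping reply, original list 1 :", translate(ping_reply, ACL_1))
    print("ping reply, exemption list  :", translate(ping_reply, ACL_120))
    print("RDP reply, static PAT present:", translate(rdp_reply, ACL_120, STATIC_PAT))
    print("RDP reply, static PAT removed:", translate(rdp_reply, ACL_120))
```

Running it reproduces the thread: with access-list 1 the ping reply to 10.10.2.2 leaves as 192.198.46.14 (the symptom in the first post), with access-list 120 it leaves as 10.10.1.2, and the RDP reply is still rewritten to 192.198.46.14:3389 while the static PAT line exists, whatever the ACL says.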
06-03-2012 07:38 PM
Jennifer, I have to say that you know what you are talking about! Thanks a bunch!