12-26-2003 08:55 AM
hiya,
Is it possible to enable client-to-client communication using a 7140 with the Cisco VPN client?
I'd imagine it would have to be configured something like this:
ip local pool ippool 10.10.20.20 10.10.20.60
and then use the following acl to classify this traffic:
access-list 101 permit ip 10.10.20.0 0.0.0.255 10.10.20.0 0.0.0.255
when pinging from a client to a client the following reply is given:
reply from <router-ip>: destination net unreachable
wishing you all happy holidays
Frans
12-26-2003 05:23 PM
You should be able to do this. Keep in mind you have to add a route on the 7140 for the client IP pool, and point it out the interface with the crypto map on it. Otherwise the router is just going to try sending this out the inside interface and it'll get lost. With the IP pool you've shown, it's difficult to create a route specifying all those addresses; you might want to change your pool to something that can be easily subnetted and then try it.
12-27-2003 05:23 AM
Thanks for your response, we tried adding a route
(ip route 10.10.20.0 255.255.255.0 f0/0)
but to no effect. I noticed that the virtual interface on my workstation gets assigned a netmask of 255.0.0.0 when using the 10.x addresses. Changing the pool to 192.168.2.1-254 altered this behaviour and gave a netmask of 255.255.255.0 even though the gateway is running 'ip classless'. Perhaps if I could configure the netmask that is given to the client to 255.255.255.255 things would work better, but I can't seem to find any commands that do that.
Any more tips and tricks would be appreciated.
Frans
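Added example, not part of the original thread: a Python sketch of the two addressing points raised above, namely how many exact prefixes the pool 10.10.20.20 to 10.10.20.60 needs compared with an aligned pool, and which netmask a classful client derives from the pool address. The function names are hypothetical and the aligned 192.168.2.0 to 192.168.2.255 range is a constructed comparison, not a pool from the thread.

```python
import ipaddress


def pool_routes(first, last):
    """Exact CIDR blocks covering first..last and nothing else.

    Each block would need its own static route on the gateway.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
    return [str(b) for b in blocks]


def covering_prefix(first, last):
    """Smallest single prefix containing the whole pool (may over-cover)."""
    net = ipaddress.ip_network(f"{first}/32")
    end = ipaddress.IPv4Address(last)
    while end not in net:
        net = net.supernet()  # widen by one bit until the last address fits
    return net


def classful_mask(addr):
    """Netmask a classful client assumes when no mask is pushed to it."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "255.0.0.0"      # class A, e.g. 10.x.x.x
    if first_octet < 192:
        return "255.255.0.0"    # class B
    if first_octet < 224:
        return "255.255.255.0"  # class C, e.g. 192.168.x.x
    return None                 # class D/E: no default mask


if __name__ == "__main__":
    # Pool from the first post: unaligned, so it splits into several blocks.
    for block in pool_routes("10.10.20.20", "10.10.20.60"):
        print("exact block:", block)
    cover = covering_prefix("10.10.20.20", "10.10.20.60")
    print("single covering prefix:", cover, f"({cover.num_addresses} addresses)")
    # Constructed aligned pool for comparison: one block, one route.
    print("aligned pool:", pool_routes("192.168.2.0", "192.168.2.255"))
    # Masks matching what the client adapter showed in the last post.
    print(classful_mask("10.10.20.20"), classful_mask("192.168.2.1"))
```
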