
Easy Client Vpn Cisco 877 Sdm Error, (no ping Lan)?¿?HELP!!

Cisquito19
Level 1

Good Morning Friends, my name is David and I am manager of a small business network.
I am familiar with the model 800 series routers, Cisco ASA 1800 and, with an average approx.

I'm 95% successfully performing a connection from Cisco VPN client, but fails Lan connectivity.

I put an example from my topology.

The vpn client connection with the cisco 877 is correct.
The ping from the vpn client with cisco 877 remote 192.168.0.254 is correct.

The ping from the remote vpn client to 192.168.0.119 Lan is not correct.

Terminal server access from vpn client to the LAN equipment is not correct 192.68.0.119

I have also tested with other computers on the network, and it does not work correctly either.

Enclosed is my running to see if together we can fix it, thank you very much for everything and the time to look at my question.

Sorry for my English.

[Attachments: vpn3.JPG, vpn2.JPG, vpn1.JPG, ping.JPG, vpn client.JPG]

5 Replies

Jennifer Halim
Cisco Employee

First, your ip pool subnet needs to be in a unique subnet. It can't be in the same subnet as your internal network.

Once you have changed your ip pool to be in a different subnet, then you would need to change the NAT ACL 1 to an extended ACL.

This ACL should say the following:

access-list 150 deny ip 192.168.0.0 0.0.0.255 <new-ip-pool-subnet> <wildcard-mask>

access-list 150 permit ip 192.168.0.0 0.0.0.255 any

ip nat inside source list 150 interface Dialer0 overload

no ip nat inside source list 1 interface Dialer0 overload

You should be able to ping your internal LAN hosts after the above changes.

At this point, you won't be able to RDP to 192.168.0.119 because you configured static port redirection below:

ip nat inside source static tcp 192.168.0.119 3389 interface Dialer0 3389

Please try if you can RDP to Dialer0 interface ip address when you are VPN in.

Thank you very much for the contribution!
What I will do is the following, I will reset cisco router 877 and reconfigure the VPN client again.

The pool of addresses I set it on a different subnet 192.168.3.1 255.255.255.0 192.168.3.5

I have a doubt about configuring the split tunneling: which subnet do I have to put?

The 192.168.0.0 or 192.168.3.0?

Thanks for everything!

Split tunnel should say:

permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255

Jennifer is all ok!

In the end I reset the router, I configured the pool of addresses in the 192.168.3.5 and 192.168.3.1 on 192.168.0.0 split tunneling and everything ok

Connect to vpn ok!

Connect with Lan ok!
Access terminal server ok!

THANK YOU!

Perfect, thanks for the update.

Please kindly mark the post as answered. Thank you.
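
The two conditions this thread fixed (the VPN address pool sitting inside the LAN subnet, and the NAT overload ACL translating LAN-to-pool replies) can be checked offline against a saved running-config. The script below is an added example, not part of the thread or any Cisco tool; the pool name `SDM_POOL_1`, the "before" pool range and the helper names are assumptions, and it handles only contiguous wildcard masks.

```python
import ipaddress

def wc_net(addr, wildcard):
    """IOS address + contiguous wildcard mask -> ip_network."""
    host_bits = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)

def nat_exempt(entries, lan, first, last):
    """True if a deny for LAN -> pool precedes any permit in the NAT ACL."""
    for e in entries:
        if e[0] == "permit":
            return False
        if e[:2] == ["deny", "ip"] and len(e) == 6:
            src, dst = wc_net(e[2], e[3]), wc_net(e[4], e[5])
            if lan.subnet_of(src) and first in dst and last in dst:
                return True
    return False

def audit(config, lan):
    """Findings for an Easy VPN config whose inside network is `lan`."""
    lan = ipaddress.ip_network(lan)
    findings, pools, acls, nat_lists = [], [], {}, []
    for tok in (line.split() for line in config.splitlines()):
        if tok[:3] == ["ip", "local", "pool"] and len(tok) == 6:
            pools.append((tok[3], *map(ipaddress.ip_address, tok[4:6])))
        elif tok[:5] == ["ip", "nat", "inside", "source", "list"] and len(tok) > 5:
            nat_lists.append(tok[5])
        elif tok[:1] == ["access-list"] and len(tok) >= 4:
            acls.setdefault(tok[1], []).append(tok[2:])
    for name, first, last in pools:
        if first in lan or last in lan:
            findings.append(f"pool {name} overlaps LAN {lan}")
        else:
            findings += [f"NAT list {n} translates LAN-to-{name} traffic"
                         for n in nat_lists
                         if not nat_exempt(acls.get(n, []), lan, first, last)]
    return findings

# Constructed samples: pool name and the "before" pool range are placeholders.
BEFORE = """ip local pool SDM_POOL_1 192.168.0.200 192.168.0.210
access-list 1 permit 192.168.0.0 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload"""
AFTER = """ip local pool SDM_POOL_1 192.168.3.1 192.168.3.5
access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 150 permit ip 192.168.0.0 0.0.0.255 any
ip nat inside source list 150 interface Dialer0 overload"""

if __name__ == "__main__":
    print(audit(BEFORE, "192.168.0.0/24"), audit(AFTER, "192.168.0.0/24"))
```

An empty result for the "after" config means the pool is outside the LAN and the overload ACL denies LAN-to-pool traffic before its permit line.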