04-21-2004 08:52 PM
Iam doing a l2tp between the 3COM RAS and the Cisco Router. that is establishing successfully iam able to login the vpn concentrator
using the VPN Cisco VPN client 3.0. Iam unable to ping the 3.3.3.0/24 network iam attaching the configs any suggestion
this is the network diagram
PC----[3com-Ras-LAC]-----[LNS]---[VPN-CONCentrator]----|->3.3.3.0/24 network
is there any config i have do other than this.
Config
*******
!
!
username xxxx password xxxx
aaa new-model
!
!
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
!
!
ip cef
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname HiPer
local name Cisco
force-local-chap
l2tp tunnel password xxx
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/2
ip address 1.x.x.x.x.255.252
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/3
ip address 110.x.x.x.255.255.224
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/3
peer default ip address pool test
ppp authentication pap
!
ip local pool test 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 110.18.5.65
no ip http server
no ip http secure-server
!
end
VPN-concentrator
****************
VPN-Concentrator#sh run
Building configuration...
Current configuration : 2403 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname VPN-Concentrator
!
boot-start-marker
boot system disk2:c7200-ik9s-mz.123-6a.bin
boot-end-marker
!
username xxx password xxx
username xxx password xxx
username xxxx password xxxx
no aaa new-model
ip subnet-zero
!
!
ip cef
!
vpdn enable
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclient
key cisco123
dns 1.1.1.1
domain sify.com
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface GigabitEthernet0/1
ip address 3.3.3.1 255.255.255.0
duplex auto
speed auto
media-type rj45
no negotiation auto
no cdp enable
crypto map clientmap
!
interface GigabitEthernet0/2
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
no negotiation auto
no cdp enable
crypto map clientmap
!
interface GigabitEthernet0/3
ip address 110.18.5.67 255.255.255.224
duplex auto
speed auto
media-type rj45
no negotiation auto
no cdp enable
crypto map clientmap
ip local pool ippool 14.x.x.x.1.1.200
ip classless
ip route 0.0.0.0 0.0.0.0 110.18.5.65
ip route 192.168.1.1 255.255.255.255 1.1.1.2
no ip http server
no ip http secure-server
04-22-2004 12:20 PM
Hi,
Are you at least able to ping Interface GigabitEthernet0/1 which has the ip address 3.3.3.1? If no, we need to make sure that the ESP encrypted packets are not being blocked. If you are able to ping it, please make sure that the devices on the 3.3.3.0/24 network know that in order for them to talk to the 14.1.1.X pool (vpn client assigned addresses) they need to talk to 3.3.3.1...
04-24-2004 05:45 AM
iam unable to ping the 3.3.3.1 how do i acheive this
any help will be appreciated
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide