
Not able to reach the network beyond VPN-Concentrator

arvenugopal
Level 1

I am doing L2TP between the 3COM RAS and the Cisco router. That is establishing successfully; I am able to log in to the VPN concentrator using the Cisco VPN client 3.0. I am unable to ping the 3.3.3.0/24 network. I am attaching the configs. Any suggestions?

This is the network diagram:

PC----[3com-Ras-LAC]-----[LNS]---[VPN-CONCentrator]----|->3.3.3.0/24 network

Is there any config I have to do other than this?

Config

*******

!

!

username xxxx password xxxx

aaa new-model

!

!

aaa authentication ppp default local

aaa session-id common

ip subnet-zero

!

!

ip cef

!

vpdn enable

!

vpdn-group 1

accept-dialin

protocol l2tp

virtual-template 1

terminate-from hostname HiPer

local name Cisco

force-local-chap

l2tp tunnel password xxx

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/2

ip address 1.x.x.x.x.255.252

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/3

ip address 110.x.x.x.255.255.224

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface Virtual-Template1

ip unnumbered GigabitEthernet0/3

peer default ip address pool test

ppp authentication pap

!

ip local pool test 192.168.1.1

ip classless

ip route 0.0.0.0 0.0.0.0 110.18.5.65

no ip http server

no ip http secure-server

!

end

VPN-concentrator

****************

VPN-Concentrator#sh run

Building configuration...

Current configuration : 2403 bytes

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname VPN-Concentrator

!

boot-start-marker

boot system disk2:c7200-ik9s-mz.123-6a.bin

boot-end-marker

!

username xxx password xxx

username xxx password xxx

username xxxx password xxxx

no aaa new-model

ip subnet-zero

!

!

ip cef

!

vpdn enable

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group vpnclient

key cisco123

dns 1.1.1.1

domain sify.com

pool ippool

!

!

crypto ipsec transform-set myset esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set myset

!

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

!

!

!

interface GigabitEthernet0/1

ip address 3.3.3.1 255.255.255.0

duplex auto

speed auto

media-type rj45

no negotiation auto

no cdp enable

crypto map clientmap

!

interface GigabitEthernet0/2

ip address 1.1.1.1 255.255.255.252

duplex auto

speed auto

media-type rj45

no negotiation auto

no cdp enable

crypto map clientmap

!

interface GigabitEthernet0/3

ip address 110.18.5.67 255.255.255.224

duplex auto

speed auto

media-type rj45

no negotiation auto

no cdp enable

crypto map clientmap

ip local pool ippool 14.x.x.x.1.1.200

ip classless

ip route 0.0.0.0 0.0.0.0 110.18.5.65

ip route 192.168.1.1 255.255.255.255 1.1.1.2

no ip http server

no ip http secure-server

2 Replies

omsantos
Level 1

Hi,

Are you at least able to ping interface GigabitEthernet0/1, which has the IP address 3.3.3.1? If not, we need to make sure that the ESP encrypted packets are not being blocked. If you are able to ping it, please make sure that the devices on the 3.3.3.0/24 network know that in order for them to talk to the 14.1.1.X pool (VPN client assigned addresses) they need to talk to 3.3.3.1...
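
The return-route condition in the reply above, as an added example that is not part of the original thread: a longest-prefix-match check of whether a host on 3.3.3.0/24 sends traffic for the VPN client pool back through 3.3.3.1. The pool 14.1.1.0/24 is assumed from the "14.1.1.X" in the reply, the host's default gateway 3.3.3.254 and its route tables are constructed, and the function names are hypothetical.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return the next hop chosen for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def return_path_ok(routes, pool, concentrator):
    """True only if every address in the client pool is routed via the concentrator."""
    return all(next_hop(routes, str(addr)) == concentrator
               for addr in ipaddress.ip_network(pool).hosts())

# Constructed route tables for an inside host on 3.3.3.0/24.
POOL = "14.1.1.0/24"     # assumed from "14.1.1.X" in the reply
CONCENTRATOR = "3.3.3.1" # GigabitEthernet0/1 on the VPN-Concentrator

# Default gateway only: replies to VPN clients leave via 3.3.3.254 (constructed)
# and never return through the tunnel endpoint.
BEFORE = [("3.3.3.0/24", "connected"), ("0.0.0.0/0", "3.3.3.254")]

# A route that covers only half the pool still strands clients above .127.
PARTIAL = BEFORE + [("14.1.1.0/25", CONCENTRATOR)]

# A route for the whole pool pointing at the concentrator.
AFTER = BEFORE + [("14.1.1.0/24", CONCENTRATOR)]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("partial", PARTIAL), ("after", AFTER)):
        print(name, next_hop(table, "14.1.1.200"),
              return_path_ok(table, POOL, CONCENTRATOR))
```
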

I am unable to ping 3.3.3.1. How do I achieve this?

Any help will be appreciated.