08-30-2009 07:18 PM
Hi.
I configured a C2811 as Easy VPN Server. I made successfull VPN connections but i can't ping internal networks.
I read on this forum some issues related to NAT. I took in account all of theme, but i still can't ping internal servers.
I saw statistics on VPN Client and the decrypted bytes counter ever is "0".
I attached configuration.
Thanks in advanced.
Solved! Go to Solution.
08-31-2009 07:58 AM
Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.
HTH
08-31-2009 07:58 AM
Just wondering whether you verified routing to/from the client address pool to/from your servers. Since you don't have a routing protocol configured, it might be one thing to check.
HTH
08-31-2009 12:04 PM
Thanks for your message.
I verified routing and I guess is fine. But i can't ping nothing, for example a directly connected interface like Fa0/0 on 2811.
I really concerned about why i didn't see decrypted packets. I think because we dont have return traffic.
09-01-2009 04:47 AM
Hi and Thanks a lot.
You resolved my problem. Let me show you.
I eliminated RRI (Reverse Route Injection) for my VPN group and add a explicit route like that:
ip route 10.20.X.X 255.X.X.X Loopback 0
A route that points to crypto map applied interface and that's all. 10.20.X.X is VPN pool network.
09-01-2009 05:15 AM
That's great! Thanks for the rating.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide