07-16-2020 09:13 AM
Hi,
The VPN connection is working but I am not able to ping a laptop in VLAN 10 (10.0.10.11) with the remote user (192.168.50.2).
I can't ping the VPN user with the router.
Interface: Dialer1
Username: uservpn
Group: groupVPN
Assigned address: 192.168.50.2
Session status: UP-ACTIVE
Peer: 1xx.1xx.183.216 port 11953
  Session ID: 0
  IKEv1 SA: local xx.200.170.xxx/4500 remote 1xx.1xx.183.216/11953 Active
  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.50.2
        Active SAs: 2, origin: dynamic crypto map

hostname RLab
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login userVPN local
aaa authorization network groupVPN local
!
!
aaa session-id common
ethernet lmi ce
memory-size iomem 10
!
!
!
ip dhcp excluded-address 10.0.10.1 10.0.10.10
!
ip dhcp pool VLAN100
 network 10.0.10.0 255.255.255.0
 default-router 10.0.10.1
 dns-server 1.1.1.1
 domain-name lab.local
!
!
!
ip domain name rlab.local
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn xxx
!
!
username uservpn secret 5 $1$Sm4e$AcqCbzNJiTkA1LfaQH3Wo1
!
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp keepalive 10 3
crypto isakmp xauth timeout 5
!
crypto isakmp client configuration group groupVPN
 key ciscogroupvpn
 pool VPNPOOL
 acl VPNACL
 include-local-lan
!
!
crypto ipsec transform-set setVPN esp-aes esp-sha-hmac
 mode tunnel
!
!
!
crypto dynamic-map dynamicVPN 10
 set transform-set setVPN
 reverse-route
!
!
crypto map staticMap client authentication list userVPN
crypto map staticMap isakmp authorization list groupVPN
crypto map staticMap client configuration address respond
crypto map staticMap 10 ipsec-isakmp dynamic dynamicVPN
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 no ip redirects
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxx
 ppp chap password 0 xxx
 crypto map staticMap
!
ip local pool VPNPOOL 192.168.50.1 192.168.50.10
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
ip access-list extended VPNACL
 permit icmp any any
 permit ip any any
!
dialer-list 1 protocol ip permit
!
access-list 1 permit any
Do you have an idea?
Thanks.
07-16-2020 09:17 AM
07-16-2020 10:03 AM
Thanks a lot!
access-list 100 deny ip 10.0.10.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 100 permit ip any any
It works :)
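Added example, not part of any post in this thread: a small Python check that reads an IOS configuration and reports VPN address pools that the ACL behind the `ip nat inside source list ... overload` rule would still translate. It matches on the destination only, handles numbered ACLs with `any` or address/wildcard destinations, and the `AFTER` excerpt assumes the NAT rule was repointed at list 100, which the thread does not show.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")

def wildcard_net(addr, wildcard):
    """IOS address + wildcard mask -> ip_network (contiguous wildcards only)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def nat_acl(config):
    """Entries (action, destination network) of the ACL behind the NAT overload rule."""
    m = re.search(r"^ip nat inside source list (\d+) .*overload", config, re.M)
    if not m:
        return []
    entries = []
    for action, rest in re.findall(rf"^access-list {m.group(1)} (permit|deny) (.+)$", config, re.M):
        tok = rest.split()
        # Standard ACLs and a trailing "any" match every destination.
        if tok[0] != "ip" or tok[-1] == "any":
            entries.append((action, ANY))
        else:
            entries.append((action, wildcard_net(tok[-2], tok[-1])))
    return entries

def pools_translated(config):
    """Names of 'ip local pool' ranges whose addresses hit a permit in the NAT ACL."""
    acl, hit = nat_acl(config), []
    for name, first, last in re.findall(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M):
        for addr in (ipaddress.ip_address(first), ipaddress.ip_address(last)):
            # First matching entry wins; no match means the implicit deny.
            verdict = next((a for a, net in acl if addr in net), "deny")
            if verdict == "permit" and name not in hit:
                hit.append(name)
    return hit

# Constructed excerpts: the posted NAT lines, then the same with access-list 100 (assumed applied).
BEFORE = """ip local pool VPNPOOL 192.168.50.1 192.168.50.10
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit any
"""
AFTER = """ip local pool VPNPOOL 192.168.50.1 192.168.50.10
ip nat inside source list 100 interface Dialer1 overload
access-list 100 deny ip 10.0.10.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 100 permit ip any any
"""
if __name__ == "__main__":
    print("before:", pools_translated(BEFORE))
    print("after: ", pools_translated(AFTER))
```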