Remote access VPN with Cisco Router - Cannot get the internal LAN

milon
Level 1
Dear Sir,

I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3. Need your help to complete the job. Please see the attachment for Scenario, Configuration and Ping status. I am getting an IP address when I connect through the VPN client, but I cannot ping the internal LAN 192.168.1.0. Need your help to solve the issue.

Below are the IP addresses of the devices.

Local PC, connected to Router-2 (through MS Loopback): IP address 10.10.10.2, mask 255.255.255.0
Router-2: F0/1 IP address 10.10.10.1, mask 255.255.255.0; F0/0 IP address 20.20.20.2, mask 255.255.255.0
Router-1: F0/0 IP address 20.20.20.1, mask 255.255.255.0; F0/1 IP address 192.168.1.1, mask 255.255.255.0
PC-01: F0/1 IP address 192.168.1.3, mask 255.255.255.0

I can ping from the local PC to the networks 10.10.10.0 and 20.20.20.0. Please find the attached file for ping status. So connectivity is OK from my local PC to remote Router 1 and 2.

Through the Cisco remote VPN client, I can get connected with the VPN router R1 (please see the VPN Client pic), but cannot ping the network 192.168.1.0. Need your help to fix the problem.

Router R2 Configuration:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 ip address 20.20.20.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

Router R1 Configuration:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aaa new-model
!
aaa authentication login USERAUTH local
aaa authorization network NETAUTHORIZE local
!
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username vpnuser password 0 strongpassword
!
ip tcp synwait-time 5
!
crypto keyring vpnclientskey
 pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group remotevpn
 key cisco123
 dns 192.168.1.2
 wins 192.168.1.2
 domain mycompany.com
 pool vpnpool
 acl VPN-ACL
crypto isakmp profile remoteclients
 description remote access vpn clients
 keyring vpnclientskey
 match identity group remotevpn
 client authentication list USERAUTH
 isakmp authorization list NETAUTHORIZE
 client configuration address respond
!
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
!
crypto dynamic-map DYNMAP 10
 set transform-set TRSET
 set isakmp-profile remoteclients
!
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
!
interface FastEthernet0/0
 ip address 20.20.20.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map VPNMAP
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
!
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
!
ip access-list extended NAT-ACL
 deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
 permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
!
end
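
An added example, not part of the original post and not Cisco tooling: a Python check of the three parts of the posted R1 configuration that have to agree before VPN clients can reach 192.168.1.0/24, namely the address pool, the split-tunnel ACL named by "acl VPN-ACL", and the NAT ACL. The config excerpt is constructed from the post, the function names are hypothetical, and the parser assumes ACL entries that use only "any" or contiguous-wildcard address pairs.

```python
import ipaddress
import re
# Constructed excerpt: only the R1 lines from the post that these checks read.
R1_CONFIG = """\
crypto isakmp client configuration group remotevpn
 pool vpnpool
 acl VPN-ACL
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
ip access-list extended NAT-ACL
 deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
 permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
"""

def spec(tok):
    """Consume 'any' or 'address wildcard' (contiguous wildcards only)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tok[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[0]}/{mask}", strict=False), tok[2:]

def acl_entries(config, name):
    """Ordered (action, src_net, dst_net) entries of a named extended ACL."""
    entries, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens or closes a block
            inside = line.strip() == f"ip access-list extended {name}"
        elif inside:
            action, _proto, *rest = line.split()
            src, rest = spec(rest)
            entries.append((action, src, spec(rest)[0]))
    return entries

def first_match(entries, src, dst):
    """IOS ACLs are first-match with an implicit deny at the end."""
    return next((a for a, s, d in entries if src in s and dst in d), "deny")

def check_vpn_paths(config, lan_host):
    """For every pool address, test split-tunnel coverage and NAT exemption."""
    lan = ipaddress.ip_address(lan_host)
    found = re.search(r"^ip local pool \S+ (\S+) (\S+)", config, re.M)
    lo, hi = map(ipaddress.ip_address, found.groups())
    pool = [lo + i for i in range(int(hi) - int(lo) + 1)]
    split = acl_entries(config, re.search(r"^ acl (\S+)", config, re.M).group(1))
    nat = acl_entries(config, re.search(r"^ip nat inside source list (\S+)", config, re.M).group(1))
    covered = all(first_match(split, lan, c) == "permit" for c in pool)
    exempt = all(first_match(nat, lan, c) == "deny" for c in pool)
    return {"split_tunnel_covers_pool": covered, "nat_exempts_pool": exempt}
```

Calling check_vpn_paths(R1_CONFIG, "192.168.1.3") uses PC-01's address from the post and returns True for both checks, so these parts of the posted configuration agree with each other. The script reads only the router configuration text; it does not examine the LAN hosts' gateway settings or the return route to the pool.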
3 Replies

nkarthikeyan
Level 7

Hi,

Your post is not clear and the text was copied in an uneven format. Can you attach your configuration as a file?

Also, have you disconnected the LAN cable when you simulate the VPN?

Have you tried the ping after shutting down the firewall in your cloud PC (MS Loopback)?

Have you given route print and checked the access is provided?

Regards

Karthik

Dear All,

I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3. Need your help to complete the job.

Please see the attachment for Scenario, Configuration and Ping status. I am getting an IP address when I connect through the VPN client, but I cannot ping the internal LAN 192.168.1.0. Need your help to solve the issue.

Waiting for your response.

--Milon

Hi,

Has it already been resolved?

Same experience here, I'm also simulating remote access on an IOS router.