05-31-2015 02:39 AM - edited 02-21-2020 08:15 PM
Hi
The following is my scenario, and I am trying to do remote access VPN. I am able to connect to the Cisco router from the VPN client, but I am not able to ping the LAN PC from the VPN client PC.
VPN CLIENT PC--------------------------------ROUTER---------------------------LAN PC
                  172.30.1.0/24                          10.0.1.0/24
The following is my configuration:
crypto isakmp enable
crypto isakmp policy 110
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 exit
crypto isakmp identity address
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
 exit
ip access-list extended SPLIT
 permit ip 10.0.1.0 0.0.0.255 any
 exit
ip local pool Remote-Pool 10.0.1.100 10.0.1.150
aaa new-model
aaa authorization network vpn-group local
aaa authentication login vpn-users local
exit
username cisco password cisco
crypto isakmp client configuration group R6
 key VPNKEY
 pool Remote-Pool
 acl SPLIT
 exit
crypto dynamic-map dmap 10
 set transform-set myset
 reverse-route
 exit
crypto map mymap client configuration address respond
crypto map mymap isakmp authorization list vpn-group
crypto map mymap client authentication list vpn-users
crypto map mymap 65535 ipsec-isakmp dynamic dmap
int f0/1
 crypto map mymap
 exit
05-31-2015 07:36 AM
Have you exempted the VPN traffic from any NAT policy?
05-31-2015 08:02 AM
No, I did not configure any NAT in this lab.
06-01-2015 04:28 AM
Hi,
Do you see the IPsec SA with encrypts and decrypts on the router?
show cry ips sa peer <client public ip>
Does the PC have a return route to the VPN pool?
HTH
Abaji.
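The counter check suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that reads `show crypto ipsec sa` output and reports which direction of the tunnel is carrying packets. The sample output, its addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample of `show crypto ipsec sa` output; addresses are made up.
SAMPLE = """\
interface: FastEthernet0/1
    Crypto map tag: mymap, local addr 172.30.1.1
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.0.1.101/255.255.255.255/0/0)
   current_peer 172.30.1.10 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 12, #pkts decrypt: 12, #pkts verify: 12
"""

PEER = re.compile(r"current_peer (\S+)")
COUNTER = re.compile(r"#pkts (encaps|decaps): (\d+)")

# What each counter pattern points to when the tunnel is up but ping fails.
HINTS = {
    "no-return-traffic": "router decrypts client packets but encrypts nothing "
                         "back: check the LAN host's return route to the VPN "
                         "pool and any NAT applied to the reply traffic",
    "no-inbound-traffic": "router encrypts toward the client but decrypts "
                          "nothing: check the client side and ESP/NAT-T "
                          "filtering on the path",
    "idle": "no packets matched the SA: check the split-tunnel ACL and what "
            "the client actually routes into the tunnel",
    "two-way": "packets flow in both directions through the SA",
}

def parse_sa_counters(text):
    """Return {peer: {"encaps": n, "decaps": n}}, summed over a peer's SAs."""
    result, peer = {}, None
    for line in text.splitlines():
        match = PEER.search(line)
        if match:
            peer = match.group(1)
            result.setdefault(peer, {"encaps": 0, "decaps": 0})
        elif peer:
            for name, value in COUNTER.findall(line):
                result[peer][name] += int(value)
    return result

def diagnose(counters):
    """Classify one peer's counters into a key of HINTS."""
    if counters["decaps"] and not counters["encaps"]:
        return "no-return-traffic"
    if counters["encaps"] and not counters["decaps"]:
        return "no-inbound-traffic"
    return "two-way" if counters["encaps"] else "idle"

if __name__ == "__main__":
    for peer, counters in parse_sa_counters(SAMPLE).items():
        print(peer, counters, "->", HINTS[diagnose(counters)])
```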