Hi,
I'd like to create an IPsec tunnel from my router 887 to any client VPN, but that's not working.
I've got a good IP from my client VPN (172.16.2.1/16) but a wrong gateway (172.16.0.1).
I cannot ping my gateway 172.16.0.254 or my server. Why? Any idea is welcome ;)
My network:
!
LAN SERVER : 172.16.0.1/16
!
ROUTER : 172.16.0.254/16
!
CLIENT VPN : 172.16.2.254/16
!
!
Building configuration...
!
! Last configuration change at 16:54:38 WET Fri Aug 28 2015 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname ROUTER1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 <removed>
enable password 7 <removed>
!
aaa new-model
!
!
aaa authentication login VPN_CLIENT_LOGIN local
aaa authorization network VPN_CLIENT_GROUP local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone WET 1 0
!
crypto pki trustpoint TP-self-signed-1071998598
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1071998598
revocation-check none
rsakeypair TP-self-signed-1071998598
!
!
crypto pki certificate chain TP-self-signed-1071998598
certificate self-signed 01
<removed>
quit
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn <removed>
!
!
username <removed> privilege 15 password 7 <removed>
username <removed> secret 5 <removed>
!
!
!
!
!
controller VDSL 0
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp client configuration group VPN_CLIENTS
key ClientVpnKey
dns 172.16.0.1
domain peschaudgabon.loc
pool VPN_CLIENT_POOL
acl 110
!
!
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
set transform-set TRANS_3DES_SHA
!
!
crypto map EXT_MAP client authentication list VPN_CLIENT_LOGIN
crypto map EXT_MAP isakmp authorization list VPN_CLIENT_GROUP
crypto map EXT_MAP client configuration address respond
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 1/40
oam-pvc 0
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
!
interface Vlan1
ip address 172.16.0.254 255.255.0.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in max-reassemblies 1024
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname <removed>
ppp chap password 7 <removed>
ppp pap sent-username <removed> password 7 <removed>
ppp ipcp dns request
ppp ipcp route default
crypto map EXT_MAP
!
ip local pool VPN_CLIENT_POOL 172.16.2.1 172.16.2.100
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
!
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input all
!
scheduler max-task-time 5000
sntp server 172.16.0.1
!
end
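
A consistency check over lines excerpted from the configuration above, as an added example that is not part of the original post: it reports ACLs that are referenced but never defined, and local address pools that fall inside a connected interface subnet or inside the source range of the NAT ACL. The function name `lint` and the finding messages are hypothetical.

```python
import ipaddress
import re

# Lines excerpted from the configuration posted above.
CONFIG = """\
crypto isakmp client configuration group VPN_CLIENTS
pool VPN_CLIENT_POOL
acl 110
interface Vlan1
ip address 172.16.0.254 255.255.0.0
ip local pool VPN_CLIENT_POOL 172.16.2.1 172.16.2.100
ip nat inside source list 100 interface Dialer0 overload
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
"""

def lint(config):
    """Return a list of consistency findings for an IOS config excerpt."""
    findings = []
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    # ACL numbers used by a client configuration group or by a NAT rule.
    group_acls = re.findall(r"^\s*acl (\d+)\s*$", config, re.M)
    nat_lists = re.findall(r"^ip nat inside source list (\d+) ", config, re.M)
    for acl in group_acls + nat_lists:
        if acl not in defined:
            findings.append(f"acl {acl} referenced but not defined")
    # Subnets configured directly on interfaces (address + netmask).
    subnets = [ipaddress.ip_interface(f"{addr}/{mask}").network
               for addr, mask in
               re.findall(r"^\s*ip address (\S+) (\d\S+)$", config, re.M)]
    # Source ranges of "permit ip <net> <wildcard> any" entries in NAT ACLs.
    # ip_network() accepts the wildcard (host mask) form directly.
    nat_sources = [ipaddress.ip_network(f"{src}/{wild}")
                   for num, src, wild in re.findall(
                       r"^access-list (\d+) permit ip (\S+) (\S+) any$",
                       config, re.M)
                   if num in nat_lists]
    for name, first, last in re.findall(
            r"^ip local pool (\S+) (\S+) (\S+)$", config, re.M):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for net in subnets:
            if lo in net or hi in net:
                findings.append(f"pool {name} overlaps connected subnet {net}")
        for net in nat_sources:
            if lo in net or hi in net:
                findings.append(f"pool {name} is matched by NAT source {net}")
    return findings

if __name__ == "__main__":
    for finding in lint(CONFIG):
        print(finding)
```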