09-06-2010 07:04 AM
Hi,
I have an IPsec VPN between a Cisco 877 and a Cisco Small Business SRP527W. We can ping the private IP of the remote router but nothing beyond it. E.g. we can ping the default gateway of the remote PC, e.g. 192.168.0.1, but are unable to ping the PC on 192.168.0.3.
Any ideas / hints greatly appreciated.
Thanks,
Craig.
09-06-2010 07:08 AM
Hello,
Do you have NAT configured on the remote end? Have you excluded VPN traffic from NAT rules?
Regards,
NT
09-06-2010 07:35 AM
Hi, I didn’t configure the router but I have had a look and this is the VPN NAT config:
ip nat inside source route-map no-nat interface Dialer0 overload
access-list 120 remark SDM_ACL Category=18
access-list 120 remark IPSec Rule
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.179.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.175.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.176.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.177.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.178.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.178.179.0 0.0.0.255
access-list 120 permit ip 172.27.27.0 0.0.0.31 any
route-map no-nat permit 1
match ip address 120
match interface Dialer0
The hub subnet is
172.27.27.0
The following are the remote sites.
192.168.179.0
192.168.175.0
192.168.176.0
192.168.177.0
192.168.178.0
192.168.179.0
Before I make changes I'm sure the lines:
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.xxx.0 0.0.0.255
need to be:
access-list 120 permit ip 172.27.27.0 0.0.0.31 192.168.xx.0 0.0.0.255
?
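How IOS evaluates the posted ACL 120 when it is referenced from the no-nat route-map, as an added example that is not part of the thread: a deny entry means the route-map does not match and the packet leaves untranslated, while a permit entry means it is translated by the overload rule. The host addresses are constructed, and the packet is assumed to leave via Dialer0 so that the route-map's interface match is satisfied.

```python
import ipaddress

# ACL 120 exactly as posted in the thread (remark lines omitted).
ACL_120 = """\
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.179.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.175.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.176.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.177.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.168.178.0 0.0.0.255
access-list 120 deny ip 172.27.27.0 0.0.0.31 192.178.179.0 0.0.0.255
access-list 120 permit ip 172.27.27.0 0.0.0.31 any
"""

def _matcher(tokens):
    """Consume 'any' or 'address wildcard' from tokens; return a test on an IP."""
    if tokens[0] == "any":
        del tokens[0]
        return lambda ip: True
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    # A wildcard mask marks the bits to ignore, so invert it to get the bits to compare.
    care = ~int(ipaddress.IPv4Address(tokens.pop(0))) & 0xFFFFFFFF
    return lambda ip: (int(ip) & care) == (base & care)

def parse_acl(text):
    """Return [(action, src_test, dst_test)] for each 'permit|deny ip' entry, in order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[2] not in ("permit", "deny") or tok[3] != "ip":
            continue
        rest = tok[4:]
        entries.append((tok[2], _matcher(rest), _matcher(rest)))  # source, then destination
    return entries

def nat_decision(entries, src, dst):
    """First matching entry wins: permit -> 'nat', deny -> 'no-nat'."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for action, src_ok, dst_ok in entries:
        if src_ok(src) and dst_ok(dst):
            return "nat" if action == "permit" else "no-nat"
    return "no-nat"  # implicit deny at the end: this NAT rule does not apply

if __name__ == "__main__":
    acl = parse_acl(ACL_120)
    # Constructed hosts: two remote sites, the sixth entry as posted, one Internet host.
    for dst in ("192.168.175.20", "192.168.179.20", "192.178.179.20", "198.51.100.7"):
        print(dst, nat_decision(acl, "172.27.27.10", dst))
```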