Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2428
Views
0
Helpful
4
Replies

VPN client can't access or ping the local network

Go to solution
Abdallah Alkhader
Level 1
Level 1

‎05-23-2013 10:43 AM

Hi All,

I have the following setup main site has many VPN connections (site-to-site)

i have added VPN client setup to main,   clients  can login but can’t reach or ping any host even default gateway

Attached   configuration file.

Thanks

Abdallah Alkhader

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to Abdallah Alkhader

‎05-24-2013 08:11 AM

please paste a screenshot of the VPN-client statistics after pinging and also the output of "show crypto ipsec sa".

Which address do you try to reach on the router?

And under Fa4, you probably don't want do disaple cef, so remove these:

no ip route-cache cef

no ip route-cache

--

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Abdallah Alkhader
Level 1
Level 1

‎05-24-2013 03:57 AM

Any suggestion ?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎05-24-2013 04:05 AM

1) The dynamic crypto map should always be the last entry in the crypto map:

no crypto map MYMAP 30

crypto map MYMAP 65000 ipsec-isakmp dynamic dynmap

2) I try to remember if on the legacy dynamic crypto maps RRI needed to be configured ...

crypto dynamic-map dynmap 10

  reverse-route

EDIT: overlooked some config ...

-- 

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Abdallah Alkhader
Level 1
Level 1
In response to Karsten Iwen

‎05-24-2013 07:55 AM

Thanks Karsten for yr reply

i added thoes lines but still i am not able to ping anything

regards

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Abdallah Alkhader

‎05-24-2013 08:11 AM

please paste a screenshot of the VPN-client statistics after pinging and also the output of "show crypto ipsec sa".

Which address do you try to reach on the router?

And under Fa4, you probably don't want do disaple cef, so remove these:

no ip route-cache cef

no ip route-cache

--

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents