VPN client can't ping hosts on inside LAN behind Cisco 1941

infoservice
Level 1

Ladies and gentlemen,

I am fully aware that this topic has been discussed several times, but I do not find the error in my config.

I have a 1941, configured an IPSEC VPN access and would like to have access to the hosts on the inside LAN. NAT is working perfectly fine as I can browse the internet through the VPN tunnel. The one thing missing is there's no access to the hosts on the inside LAN.

Please advise what to do...

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1941
!
boot-start-marker
boot system flash0:c1900-universalk9-mz.SPA.152-4.M1.bin
boot-end-marker
!
!
enable secret 4 xxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login clientauth local
aaa authorization network groupauth local
!
aaa session-id common
clock timezone CET 2 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
ip dhcp excluded-address 192.168.178.60 192.168.178.254
!
ip dhcp pool Mowgli_LAN
 host 192.168.178.2 255.255.255.0
 client-identifier xxx
 client-name Mowgli
 default-router 192.168.178.254
 dns-server 192.168.178.254
 lease infinite
!
ip dhcp pool Mowgli_WLAN
 host 192.168.178.5 255.255.255.0
 client-identifier xxx
 client-name Mowgli
 default-router 192.168.178.254
 dns-server 192.168.178.254
 lease infinite
!
ip dhcp pool Macbook
 host 192.168.178.3 255.255.255.0
 client-identifier xxx
 client-name Mowgli
 default-router 192.168.178.254
 dns-server 192.168.178.254
 lease infinite
!
ip dhcp pool Macbook_WLAN
 host 192.168.178.4 255.255.255.0
 client-identifier xxx
 client-name Macbook_WLAN
 default-router 192.168.178.254
 dns-server 192.168.178.254
 lease infinite
!
ip domain name james.brown
ip name-server 194.25.0.60
ip name-server 194.25.0.52
ip ddns update method gioia
 HTTP
  add http://xxx:yyy@members.dyndns.org/nic/update?system=dyndns&hostname=gioia.dyndns.org&myip=<a>
  remove http://xxx:yyy@members.dyndns.org/nic/update?system=dyndns&hostname=gioia.dyndns.org&myip=<a>
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2100661747
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2100661747
 revocation-check none
 rsakeypair TP-self-signed-2100661747
!
!
crypto pki certificate chain TP-self-signed-2100661747
 certificate self-signed 01
        quit

!
!
username admin privilege 15 secret 4 yxyx
username vpntest password 0 5678
username vpngroup password 0 1234
!
redundancy
!
controller Cellular 0/0
!
no ip ftp passive
ip ssh version 2
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpngroup
 key Pass4VPNGroup
 dns 192.168.178.254
 domain vpn.123.local
 pool vpnpool
 save-password
 max-users 10
 banner ^C Welcome to The Jungle^C
crypto isakmp profile VPNclient
   description VPN Client Profil
   match identity group vpngroup
   client authentication list clientauth
   isakmp authorization list groupauth
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
!
crypto ipsec profile vpn-vti2
 set transform-set myset
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-WAN$
 no ip address
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no mop enabled
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1/0
 no ip address
!
interface GigabitEthernet0/1/1
 no ip address
!
interface GigabitEthernet0/1/2
 no ip address
!
interface GigabitEthernet0/1/3
 no ip address
!
interface Cellular0/0/0
 no ip address
 encapsulation slip
!
interface Cellular0/0/1
 no ip address
 encapsulation slip
!
interface Virtual-Template1
 ip unnumbered Dialer1
!
interface Virtual-Template2 type tunnel
 description IPsec VPN Dialin
 ip unnumbered Vlan1
 ip nat inside
 ip virtual-reassembly in
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vpn-vti2
!
interface Vlan1
 description LAN
 ip address 192.168.178.254 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan2
 no ip address
!
interface Dialer1
 ip ddns update hostname gioia.dyndns.org
 ip ddns update gioia
 ip address negotiated
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 load-interval 30
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxx@yyy
 ppp chap password 0 top_secret
 no cdp enable
!
ip local pool vpnpool 192.168.178.190 192.168.178.198
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.178.0 0.0.0.255
access-list 1 remark
dialer-list 1 protocol ip permit
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 0/0/0
 exec-timeout 0 0
 no exec
line 0/0/1
 no exec
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
ntp master
ntp server de.pool.ntp.org
!

5 Replies

pjain2
Cisco Employee

What is the source of the remote end subnet?

You need to add a deny in access-list 1 for your local LAN to remote LAN traffic at the first seq.

Thanks for the answer but I seem to be a little slow today...

Could you please explain...??

Thanks!

Can you give me the source subnet from where you are pinging, and the destination as well?

Good morning,

the source subnet (the subnet the VPN clients are located in) is the very same as the destination subnet (192.168.178.0/24).

What I just found out is quite confusing. I can ping exactly one host in the network: a Gigaset VoIP phone. The Cisco phones, Servers, Windows and Linux clients I can't ping...

Best regards,

Joerg
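An added check, written here and not taken from the thread or from Cisco, that reads the pasted configuration and flags what stands out once pjain2's question about source and destination is answered the way Joerg does: the vpnpool range 192.168.178.190-198 lies inside Vlan1's own 192.168.178.0/24, and Vlan1 carries `no ip proxy-arp`, so a LAN host ARPs for a client address as if it were on its own segment and the router does not answer on the client's behalf. The config excerpt below is a constructed cut-down of the one above, and the function names are mine.

```python
import ipaddress

# Constructed excerpt of the config pasted in the thread: only the lines the checks read.
THREAD_CONFIG = """\
ip dhcp excluded-address 192.168.178.60 192.168.178.254
interface Vlan1
 description LAN
 ip address 192.168.178.254 255.255.255.0
 no ip proxy-arp
 ip nat inside
!
ip local pool vpnpool 192.168.178.190 192.168.178.198
"""


def parse(cfg, lan_iface="Vlan1"):
    """Collect the LAN subnet, its proxy-ARP state, DHCP exclusions and VPN client pools."""
    lan, proxy_arp, excluded, pools, cur = None, True, [], [], None  # IOS default: proxy-arp on
    for raw in cfg.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            cur = raw.split()[1]                      # entering an interface stanza
        elif raw.startswith(" ") and cur == lan_iface:
            if line.startswith("ip address "):
                _, _, ip, mask = line.split()
                lan = ipaddress.ip_interface(f"{ip}/{mask}").network
            elif line == "no ip proxy-arp":
                proxy_arp = False
        elif line.startswith("ip dhcp excluded-address "):
            lo, hi = line.split()[3:5]
            excluded.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
        elif line.startswith("ip local pool "):
            lo, hi = line.split()[4:6]
            pools.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
    return lan, proxy_arp, excluded, pools


def check_pools(cfg):
    """Name every condition found; an empty list means the pool placement looks sound."""
    lan, proxy_arp, excluded, pools = parse(cfg)
    findings = []
    for lo, hi in pools:
        if lan is not None and (lo in lan or hi in lan):
            findings.append("pool-overlaps-lan")
            if not proxy_arp:
                # LAN hosts ARP for the client address as if it were local; the router
                # will not answer for it, so their replies never reach the VPN client.
                findings.append("no-proxy-arp-for-pool")
            if not any(elo <= lo and hi <= ehi for elo, ehi in excluded):
                findings.append("pool-not-dhcp-excluded")  # DHCP could hand out pool addresses
    return findings
```

Running `check_pools(THREAD_CONFIG)` reports the overlap and the missing proxy ARP; moving the pool to a subnet of its own (LAN hosts then send to the gateway, which holds the per-client host routes) or re-enabling proxy ARP on Vlan1 clears the findings.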

It's getting more strange...

Now the VoIP phone is not pingable any more, but another device (PoE Midspan) is.

All other hosts are still not responsive...

Is there no one who can give me a hint?

Regards,

Joerg