VPN connects but then can't ping inside addresses 192.168.1.*

DaleKnutsen
Level 1

I am a novice at VPN. I have created a working VPN service on our Cisco 1711, and can successfully connect from a Cisco VPN client. Using the resulting tunnel, I can access the router using its static IP, and also access a directly connected DSL gateway using its static IP (i/f FastEthernet0). However, I have no connectivity to the hosts on the private network (lan1), e.g. no response from ping. Any ideas what might be blocking me?

The only thing I wonder about is that the hosts on the private network use addresses 192.168.1.*, which are not routable; I don't know if that makes a difference in this case.

7 Replies

sachinraja
Level 9

Hello Dale

Is the inside subnet directly connected to your 1711 router's Ethernet? Can you give us your LAN subnet and the IP pool that is being used for the remote access VPN connection?

Raj

Hello Raj, here is the info you requested.

Yes, the inside subnet is directly connected to the router. The inside subnet hosts are assigned addresses 192.168.1.*, and on that interface the router's address is 192.168.1.1.

The IP Pool is 192.168.1.161 to 192.168.1.170. The associated subnet mask is 255.255.255.0.

Thanks,

Dale

I have the same problem. Have you solved it?

Thanks

Hi,

This might be due to ACLs or firewall rules.

Can you check that ESP is authorized?

Hope this helps.

How can I check this configuration? Can you explain what I have to do?

Thanks

DaleKnutsen
Level 1

I have checked the ACLs and NAT configuration, and find no problems there (for what it's worth since I'm a novice).

It appears to me that the problem is in the routing table regarding the VPN pool-assigned addresses. We chose the pool addresses to be a subset of those on Vlan1, and the routing table includes this:

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

I don't know for sure if this is a problem, but it may be, and in any case, it makes things more difficult to understand and to manage. It's possible that the routing table is selecting to send the packets addressed to the tunnel IPs back to Vlan1 rather than outward through the tunnel.

So I plan to redo the VPN address pool to be on a new subnet -- different from the subnets of our existing ones on Vlan1 and Vlan2, thus making the VPN pool-assigned addresses simply and clearly manageable without entanglement with those of Vlan1 and Vlan2. I am hopeful that this will make things work.

Comments?

My VPN setup is now fully operational! The solution proposed in the previous post was indeed the answer.
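
An added example, not part of the original thread: a Python check for the condition the thread settled on, a VPN client pool carved out of a directly connected subnet, plus a suggestion for a non-overlapping pool subnet. The Vlan1 subnet and pool range are the ones given above; the Vlan2 subnet and the 192.168.0.0/16 search space are assumptions.

```python
import ipaddress

def pool_networks(first, last):
    """Collapse an inclusive pool range into the CIDR blocks that cover it exactly."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def find_overlaps(pool_first, pool_last, connected):
    """Return (interface, subnet) pairs whose subnet contains any pool address."""
    blocks = pool_networks(pool_first, pool_last)
    hits = []
    for name, cidr in connected.items():
        # strict=False lets us pass the interface address with its mask
        net = ipaddress.ip_network(cidr, strict=False)
        if any(block.overlaps(net) for block in blocks):
            hits.append((name, str(net)))
    return hits

def suggest_pool_subnet(connected, search_space="192.168.0.0/16", prefixlen=24):
    """Return the first subnet of the requested size that overlaps no connected subnet."""
    used = [ipaddress.ip_network(c, strict=False) for c in connected.values()]
    for candidate in ipaddress.ip_network(search_space).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None

# Vlan1 is the inside interface from the thread.
# Vlan2's subnet is not given in the thread; this value is an assumption.
CONNECTED = {"Vlan1": "192.168.1.1/24", "Vlan2": "192.168.2.1/24"}

if __name__ == "__main__":
    # Pool range as posted in the thread.
    for iface, subnet in find_overlaps("192.168.1.161", "192.168.1.170", CONNECTED):
        print(f"VPN pool overlaps {iface} ({subnet}): replies to clients may stay on the LAN")
    print("Non-overlapping pool subnet candidate:", suggest_pool_subnet(CONNECTED))
```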
