VPN Routing Problem

matthiaskoehler · ‎05-03-2004

Hello,

Because this is far too much ahead for me as CCNA maybe you can help me with my problem:

I have two Routers, a 1712 and a 1720. Both are connected to the Internet using DSL, PPPOE and are doing NAT.

I have established a GRE Tunnel encapsulated in IPSEC. (hopefully)

My network:

WinXP - 192.168.0.10

C1712 - 192.168.0.1

Tunnel - 172.16.0.1

**ISP

Tunnel - 172.16.0.2

C1720 - 10.0.0.1

WinXP - 10.0.0.2

The clients reach the Internet and both Routers can ping each other using the 172.16.0.x, 192.168.0.1 and 10.0.0.1 adresses.

The 1720 is able to ping everybody is both networks.

However,

1. the clients in both Networks cannot ping the other end of the Tunnel.

2. The 1712 cannot ping the Clients in the 10.0.0.0 network

My configuration:

http://www.koehlernetz.de/mk1720.txt

http://www.koehlernetz.de/mk1712.txt

Any idea why?

Matthias Koehler, Germany

Richard Burts · ‎05-05-2004

I notice two things in the config files:

- the 1720 config Dialer 1 interface includes ip access-group dialer in but I do not see the definition of what is in that access list.

- the 1720 BRI0 includes ip nat inside but the 1721 does not have ip nat inside on its BRI interface.

Can you clarify these and find if either of them relates to the problem you describe.

HTH

Rick

matthiaskoehler · ‎05-06-2004

Hello,

thank you for your answer.

The Dial-in configuration of the 1720 Router is incomplete because it is not needed anymore and i will remove it. But i don't think that this has anything to do with my problem.