VPN tunnel is working but no access to local LAN

pjscheele
Level 1

Hi,

I created an IPSEC tunnel to VPN into my home network.

The tunnel builds and I do have internet access.

I verified with traceroute that it is indeed using the tunnel.

When I try to ping (or reach in general) one of the hosts in my home network, it fails.

I can't see what's wrong anymore.

Please find the config below:

!
!
ip source-route
!
!
!
ip dhcp excluded-address 192.168.101.240 192.168.101.254
ip dhcp excluded-address 192.168.101.1 192.168.101.10
!
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
no ip rcmd domain-lookup
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group 3000client
 key *******
 dns 8.8.8.8
 domain LAB
 pool ippool
!
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
!
crypto dynamic-map DYNMAP 10
 set transform-set MYSET
 reverse-route remote-peer 192.168.102.254
!
!
!
!
crypto map CLIENTMAP local-address FastEthernet0/1
crypto map CLIENTMAP client authentication list AAA_LOGIN
crypto map CLIENTMAP isakmp authorization list groupauthor
crypto map CLIENTMAP client configuration address initiate
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 10 ipsec-isakmp dynamic DYNMAP
!
!
bridge irb
!
!
!
!
!
interface FastEthernet0/1
 description IPSEC
 ip address 192.168.102.254 255.255.255.0
 ip virtual-reassembly in
 no ip route-cache cef
 duplex auto
 speed auto
 crypto map CLIENTMAP
!
!
ip local pool ippool 192.168.102.240 192.168.102.247
ip default-gateway 192.168.101.251
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.101.251
!
no logging trap
logging 172.16.0.252
!
!
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!

17 Replies

Hi,

I reviewed and recreated the config.

Still nothing.

I ran some traceroutes and sniffed on the remote PC, and I noticed that the traffic is getting to the client I'd like to ping; the way back seems to be the problem.

When I traceroute from the client 192.168.101.250, the traffic goes up to the gateway and then dies (which is strange because it knows the route; I can ping from the router to the VPN client).

Any ideas?

HAHAAAAA victory is mine!!!

I disabled IP CEF and that did the trick.

I can now fully access the remote LAN.

Hi Peter,

Glad to hear things worked out for you.

Please rate helpful posts in the thread.

Thanks

Rizwan Rafeek
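
Added example, not part of the thread or written by any of its participants: a small Python check over lines taken from the configuration posted above. It flags the 3DES / DH group 2 ISAKMP policy and the enabled `ip source-route`, and notes when the client pool sits inside the subnet of the interface that carries the crypto map, a placement worth knowing when tracing return traffic as the poster did. The function names and the "weak" sets are this example's own choices (assumptions), not Cisco tooling.

```python
import ipaddress

# Constructed sample: lines from the config posted above, with the one-space
# sub-command indentation that IOS uses (the parser relies on it).
CONFIG = """\
ip source-route
ip cef
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
interface FastEthernet0/1
 ip address 192.168.102.254 255.255.255.0
 no ip route-cache cef
 crypto map CLIENTMAP
ip local pool ippool 192.168.102.240 192.168.102.247
"""

WEAK_CIPHERS = {"encr des", "encr 3des"}  # assumption: this example's policy
WEAK_DH = {"group 1", "group 2"}          # 768-bit and 1024-bit MODP groups

def parse_blocks(text):
    """Map each top-level IOS command to its indented sub-commands."""
    blocks, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0] == " " and current:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks[current] = []
    return blocks

def audit(text):
    """Return findings for the IKE policy, source routing and pool placement."""
    blocks, findings = parse_blocks(text), []
    if "ip source-route" in blocks:
        findings.append("ip source-route is enabled")
    for head, subs in blocks.items():
        if head.startswith("crypto isakmp policy "):
            findings += [f"{head}: {s}" for s in subs if s in WEAK_CIPHERS | WEAK_DH]
        if head.startswith("interface ") and any(s.startswith("crypto map ") for s in subs):
            nets = [ipaddress.ip_interface("/".join(s.split()[2:4])).network
                    for s in subs if s.startswith("ip address ") and len(s.split()) > 3]
            for pool in (h.split() for h in blocks if h.startswith("ip local pool ")):
                lo, hi = map(ipaddress.ip_address, pool[4:6])
                findings += [f"pool {pool[3]} inside {n} on {head}"
                             for n in nets if lo in n and hi in n]
    return findings
```

Calling `audit(CONFIG)` returns the findings in the order the commands appear in the config.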