[nsp] Easy VPN problem

Jason Lixfeld jason at lixfeld.ca
Wed Dec 17 13:35:07 EST 2003


Paste the output of show crypto ipsec sa when you first connect, and 
after you reconnect and are able to ping things fine.

On Dec 17, 2003, at 1:28 PM, Roberto Bazan Sancho wrote:

> Hello everybody.
>
> I've a strange problem with an Easy VPN Server IOS configuration.
>
> I've a router 837 configured for Internet access doing NAT; in this 
> router I've configured Ez VPN Server.
>
> This is my scenario:
>
>    My Computer ------ INTERNET ---- 837 Router with NAT and Ez VPN Server ----- 192.168.8.0 Network
>
> From my computer with Internet and VPN client 4.0.3(A) I connected 
> fine to the 837 Ez VPN Server, but my problem is the following:
>
> When the tunnel is established and I ping 192.168.8.191, for 
> example, it responds to me fine, but the next ping to any IP,
>
> for example
> ping 192.168.8.223 interface ethernet of the Router
> or
> ping 192.168.8.101 a server
>
> it doesn't respond to me.
>
> Then I close the tunnel and reconnect; the tunnel is established 
> fine, and I ping 192.168.8.223 and it responds to me fine.
>
> Does anybody understand this?
>
> This is my router configuration:
>
> !
> !
> crypto isakmp policy 10
>  encr 3des
>  authentication pre-share
>  group 2
> !
> crypto isakmp client configuration group vpncliente
>  key cisco
>  dns 192.168.4.102
>  domain midominio
>  pool poolprueba
>  acl 197
> !
> !
> crypto ipsec transform-set mipolitica esp-des esp-md5-hmac
> !
> crypto dynamic-map dynmap 10
>  set transform-set mipolitica
> !
> !
> crypto map mapacliente client authentication list authUsuario
> crypto map mapacliente isakmp authorization list authgrupo
> crypto map mapacliente client configuration address respond
> crypto map mapacliente 10 ipsec-isakmp dynamic dynmap
> !
> !
> !
> !
> interface Ethernet0
>  ip address 192.168.8.223 255.255.255.0
>  ip nat inside
>  ip tcp adjust-mss 1452
>  hold-queue 100 out
> !
> interface ATM0
>  no ip address
>  no atm ilmi-keepalive
>  dsl operating-mode auto
> !
> interface ATM0.1 point-to-point
>  pvc 8/32
>   pppoe-client dial-pool-number 1
>  !
> !
> interface Dialer1
>  mtu 1492
>  ip address 20.20.20.20 255.255.255.0
>  ip nat outside
>  encapsulation ppp
>  dialer pool 1
>  ppp chap hostname x
>  ppp chap passwordx
>   crypto map mapacliente
> !
> ip local pool poolprueba 172.17.1.1 172.17.1.30
> ip nat inside source list 101 interface Dialer1 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer1
> !
> !
> !
> access-list 101 deny   ip 172.17.1.0 0.0.0.255 any
> access-list 101 permit ip 192.168.8.0 0.0.0.255 any
> access-list 197 permit ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
> end
>
> Thanks in advance
> Roberto.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
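
An added example, not part of the original thread: a small Python parser for comparing the two `show crypto ipsec sa` captures requested in the reply above (first connect versus after reconnect). Both captures are constructed samples, and reading "decaps minus encaps" as pings that got no tunnelled reply assumes the tunnel carried only ping traffic.

```python
import re

# Constructed captures (not from the thread), trimmed to the lines the parser reads.
FIRST_CONNECT = """\
   local  ident (addr/mask/prot/port): (192.168.8.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.17.1.1/255.255.255.255/0/0)
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
    #pkts decaps: 12, #pkts decrypt: 12, #pkts verify 12
    #send errors 0, #recv errors 0
"""
AFTER_RECONNECT = """\
   local  ident (addr/mask/prot/port): (192.168.8.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.17.1.2/255.255.255.255/0/0)
    #pkts encaps: 8, #pkts encrypt: 8, #pkts digest 8
    #pkts decaps: 8, #pkts decrypt: 8, #pkts verify 8
    #send errors 0, #recv errors 0
"""

# Proxy identity lines open an SA block; counter lines follow them.
IDENT = re.compile(r"(local|remote)\s+ident[^:]*:\s*\(([^)]*)\)")
# Some counters are printed with a colon, some without ("#pkts digest 4").
COUNTER = re.compile(r"#(pkts \w+|send errors|recv errors):?\s+(\d+)")

def parse_sas(text):
    """Return {(local_ident, remote_ident): {counter: value}} for each SA block."""
    sas, local, current = {}, None, None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m and m.group(1) == "local":
            local, current = m.group(2), None
        elif m:
            current = sas.setdefault((local, m.group(2)), {})
        elif current is not None:
            current.update((n, int(v)) for n, v in COUNTER.findall(line))
    return sas

def reply_gap(text):
    """Per SA: packets the router decapsulated minus packets it encapsulated."""
    return {sa: c.get("pkts decaps", 0) - c.get("pkts encaps", 0)
            for sa, c in parse_sas(text).items()}

if __name__ == "__main__":
    for label, capture in (("first connect", FIRST_CONNECT),
                           ("after reconnect", AFTER_RECONNECT)):
        for (local, remote), gap in reply_gap(capture).items():
            print(f"{label}: {local} <-> {remote} decaps-encaps = {gap}")
```

A gap that grows while pings fail means the router is still receiving and decrypting the client's packets but is not sending replies back through the tunnel.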


