[nsp] Easy VPN problem

andrew2 at one.net andrew2 at one.net
Wed Dec 17 15:01:56 EST 2003


Just a stab in the dark, but:

no ip route-cache
no ip mroute-cache

Might do the trick for you.

Andrew

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Roberto Bazan Sancho
Sent: Wednesday, December 17, 2003 1:28 PM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Easy VPN problem


Hello everybody.

I've a strange problem with an Easy VPN Server IOS configuration.

I've a router 837 configured for Internet access doing NAT; in this
router I've configured Ez VPN Server.

This is my scenario:

   My Computer ------ INTERNET ---- 837 Router with NAT and Ez VPN Server ----- 192.168.8.0 Network

From my computer with Internet and VPN client 4.0.3(A) I connected
fine with the 837 Ez VPN Server, but my problem is the following:

When the tunnel is established and I ping 192.168.8.191, for
example, it responds fine, but the next ping to any IP,

for example
ping 192.168.8.223 interface ethernet of the Router
or
ping 192.168.8.101 a server

doesn't respond.

Then I close the tunnel and reconnect; the tunnel is established fine,
and I ping 192.168.8.223 and it responds fine.

Does anybody understand this?

This is my router configuration:

!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpncliente
 key cisco
 dns 192.168.4.102
 domain midominio
 pool poolprueba
 acl 197
!
!
crypto ipsec transform-set mipolitica esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set mipolitica
!
!
crypto map mapacliente client authentication list authUsuario
crypto map mapacliente isakmp authorization list authgrupo
crypto map mapacliente client configuration address respond
crypto map mapacliente 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address 192.168.8.223 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/32
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 mtu 1492
 ip address 20.20.20.20 255.255.255.0
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp chap hostname x
 ppp chap passwordx
 crypto map mapacliente
!
ip local pool poolprueba 172.17.1.1 172.17.1.30
ip nat inside source list 101 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
access-list 101 deny   ip 172.17.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.8.0 0.0.0.255 any
access-list 197 permit ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
end

Thanks in advance
Roberto.






_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
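
An added example, not part of either message in this thread: a small first-match evaluator for the three extended access-list lines in the posted configuration, showing which of ACL 101 (referenced by `ip nat inside source list 101`) and ACL 197 (referenced by `acl 197` in the client group) a given source/destination pair matches. The function names and the sample flows are constructed for illustration, and only `ip` entries written as address/wildcard pairs or `any` are handled.

```python
import ipaddress

# The three ACL lines as they appear in the posted configuration.
CONFIG = """\
access-list 101 deny   ip 172.17.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.8.0 0.0.0.255 any
access-list 197 permit ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
"""

def _take_addr(tokens):
    """Consume 'any' or 'address wildcard'; return (base, wildcard) as ints."""
    if tokens[0] == "any":
        del tokens[0]
        return 0, 0xFFFFFFFF
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    del tokens[:2]
    return base, wild

def parse_acls(text):
    """Return {acl_number: [(action, src, dst), ...]} in configuration order."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        number, action, rest = tokens[1], tokens[2], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        acls.setdefault(number, []).append((action, src, dst))
    return acls

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acls, number, src, dst):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for action, s, d in acls.get(number, []):
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"

if __name__ == "__main__":
    acls = parse_acls(CONFIG)
    # Constructed flows: LAN host -> VPN pool, LAN host -> Internet, pool -> LAN.
    for src, dst in [("192.168.8.101", "172.17.1.5"),
                     ("192.168.8.101", "198.51.100.7"),
                     ("172.17.1.5", "192.168.8.101")]:
        print(src, "->", dst, "ACL101:", evaluate(acls, "101", src, dst),
              "ACL197:", evaluate(acls, "197", src, dst))
```

With these lines, a packet from a 192.168.8.0/24 host to an address in the 172.17.1.0/24 pool matches the `permit` entry of ACL 101 as well as ACL 197, because the `deny` entry of ACL 101 tests the pool as a source, not as a destination.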



