[nsp] Easy VPN problem
Roberto Bazan Sancho
roberto.bazan at inycom.es
Thu Dec 18 04:52:24 EST 2003
It was a newbie error.
The access list 101 in my configuration to deny NAT wasn't correct.
Thank you very much Sergio.
Roberto.
> -----Original Message-----
> From: Roberto Bazan Sancho [mailto:roberto.bazan at inycom.es]
> Sent: 17 December 2003 19:28
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] Easy VPN problem
>
>
> Hello everybody.
>
> I have a strange problem with an Easy VPN Server IOS configuration.
>
> I have an 837 router configured for Internet access doing NAT;
> on this router I've configured Ez VPN Server.
>
> This is my scenario:
>
> My Computer ------ INTERNET ---- 837 Router with NAT and
> Ez VPN Server ----- 192.168.8.0 Network
>
> From my computer with Internet and VPN client 4.0.3(A) I
> connect fine to the 837 Ez VPN Server, but my problem is the following:
>
> When the tunnel is established and I ping
> 192.168.8.191, for example, it responds fine, but the next
> ping to any IP
>
> for example
> ping 192.168.8.223 interface ethernet of the Router
> or
> ping 192.168.8.101 a server
>
> doesn't get a response.
>
> Then I close the tunnel and reconnect; the tunnel is
> established fine, and I ping 192.168.8.223 and it
> responds fine.
>
> Does anybody understand this?
>
> This is my router configuration:
>
> !
> !
> crypto isakmp policy 10
> encr 3des
> authentication pre-share
> group 2
> !
> crypto isakmp client configuration group vpncliente
> key cisco
> dns 192.168.4.102
> domain midominio
> pool poolprueba
> acl 197
> !
> !
> crypto ipsec transform-set mipolitica esp-des esp-md5-hmac
> !
> crypto dynamic-map dynmap 10
> set transform-set mipolitica
> !
> !
> crypto map mapacliente client authentication list authUsuario
> crypto map mapacliente isakmp authorization list authgrupo
> crypto map mapacliente client configuration address respond
> crypto map mapacliente 10 ipsec-isakmp dynamic dynmap
> !
> !
> !
> !
> interface Ethernet0
> ip address 192.168.8.223 255.255.255.0
> ip nat inside
> ip tcp adjust-mss 1452
> hold-queue 100 out
> !
> interface ATM0
> no ip address
> no atm ilmi-keepalive
> dsl operating-mode auto
> !
> interface ATM0.1 point-to-point
> pvc 8/32
> pppoe-client dial-pool-number 1
> !
> !
> interface Dialer1
> mtu 1492
> ip address 20.20.20.20 255.255.255.0
> ip nat outside
> encapsulation ppp
> dialer pool 1
> ppp chap hostname x
> ppp chap password x
> crypto map mapacliente
> !
> ip local pool poolprueba 172.17.1.1 172.17.1.30
> ip nat inside source list 101 interface Dialer1 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer1
> !
> !
> !
> access-list 101 deny ip 172.17.1.0 0.0.0.255 any
> access-list 101 permit ip 192.168.8.0 0.0.0.255 any
> access-list 197 permit ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
> end
>
> Thanks in advance
> Roberto.
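Added example, not part of the original messages: a small evaluator for IOS extended ACLs that shows how access list 101 from the quoted configuration decides which packets `ip nat inside source list 101` translates. The `CORRECTED` list is an assumption about the fix (the thread does not show it), and the server, client and Internet addresses are constructed samples.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tok, i):
    """Parse 'any', 'host A' or 'A WILDCARD' at tok[i]; return ((addr, wildcard), next_i)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    return (_ip(tok[i]), _ip(tok[i + 1])), i + 2

def parse_acl(text, number):
    """Ordered (action, src, dst) entries for 'access-list <number> <action> ip ...' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(number)] or tok[3] != "ip":
            continue
        src, i = _spec(tok, 4)
        dst, _ = _spec(tok, i)
        entries.append((tok[2], src, dst))
    return entries

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (addr & care) == (base & care)

def nat_translates(acl, src, dst):
    """True if the NAT ACL permits src->dst (packet gets translated). First match wins."""
    for action, s, d in acl:
        if _match(_ip(src), s) and _match(_ip(dst), d):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

# ACL 101 exactly as posted in the quoted configuration.
POSTED = """access-list 101 deny ip 172.17.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.8.0 0.0.0.255 any"""
# Assumed correction: exempt LAN -> VPN pool traffic from NAT, translate the rest.
CORRECTED = """access-list 101 deny ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 101 permit ip 192.168.8.0 0.0.0.255 any"""
# Constructed sample addresses: a LAN server, a pool address, an Internet host.
SERVER, VPN_CLIENT, INTERNET = "192.168.8.101", "172.17.1.1", "198.51.100.7"

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        acl = parse_acl(cfg, 101)
        print(name, "reply to VPN client translated:", nat_translates(acl, SERVER, VPN_CLIENT))
        print(name, "Internet traffic translated:", nat_translates(acl, SERVER, INTERNET))
```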