[c-nsp] VPN access on 831 - cannot access local LAN

Michael Markstaller mm at elabnet.de
Tue Nov 2 10:47:30 EST 2004


- and/or "sh tech"
I've some 83x and 17xx with a similar config, it's possiblke to find a working combination but there are MANY bugs along most IOS-versions.
The sh tech should give answers to most things, the version currently running best for me is 12.3(7)Tx for such environments..
but all in all I'll use no more 83x anymore, 1712 for instance are ages faster and therfore much more stable in real-live with worms etc., but thats just my opinion ;)

Michael

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Josh Duffek
Sent: Tuesday, November 02, 2004 3:53 PM
To: chris at peaknetworks.com; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] VPN access on 831 - cannot access local LAN


Need to see:
Sh ver
Sh run
Sh cry isakmp sa
Sh cry ipsec sa

Kinda sounds like a bug...but not sure.  Might also want to CC:
cisco-sec at external.cisco.com.

Thanks,

josh duffek    network engineer
consultantjd16 at ridemetro.org

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of
christopher.hale at peaknetworks.com
> Sent: Monday, November 01, 2004 10:44 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] VPN access on 831 - cannot access local LAN
> 
> All -
> 
> We're attempting to install a small 831 series router into a client
> office,
> enable NAT, and allow for VPN access for remote users.  We have NAT
> running
> fine with 10.x IPs, and configured VPN using:
> 
> Configuring Cisco VPN Client with Cisco IOS Easy VPN Server
>
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns27/networking_solu
ti
> on
> s_white_paper09186a0080186fda.shtml
> 
> We can get the VPN client to connect, and everything looks fine from
the
> console, but the client can only ping the first IP address they try,
and
> they cannot browse the local LAN.  We tried to enable local-lan access
in
> the crypto map and on the client, but still no good.
> 
> Anyone have a good suggestion on where to start?
> 
> Chris
> 
> 
> --------------------------------------------------------------------
> mail2web - Check your email from the web at
> http://mail2web.com/ .
> 
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list