VPN Tunnel's up but.....

azobioraazobiora Member Posts: 15 ■□□□□□□□□□
Hi everyone!

Ok i know i posted some weeks back, that ma site-to-site vpn tunnels are up but for some what reason it will disconnect, well i gat that sorted out....it was ma sa lifetime issues. It's fun having all these things put together and having them work.

But i do have one little problem that i have done all that i think i know....but as you all know i can't know it all! That's why groups as these has been ones is there to help out by sharing problems.

The problem i face is this!!! The tunnels are up and running and wonderful...i feel great about it...but not so great cos from the remote network, i could ping the LAN interface of ma router which is but i can't ping any other IP in that same subnet. Any clues to what wrong that i have done? This also holds through for my EZVPN configs too!


  • Options
    apd123apd123 Member Posts: 171
    Speaking of your configs where are they?
  • Options
    shednikshednik Member Posts: 2,005
    Any routes missing? configs would help too
  • Options
    tdempseytdempsey Member Posts: 28 ■□□□□□□□□□
    What is the local VPN subnet and what is the remote VPN subnet?
  • Options
    azobioraazobiora Member Posts: 15 ■□□□□□□□□□
    It's there
  • Options
    APAAPA Member Posts: 959
    It's late over here.....but I'm sure my eyes aren't playing tricks on me....

    But are you referencing a non-existent crypto-map on the WAN interface?

    'crypto map MRS_CMAP_1' as opposed to 'crypto map MRS_MAP_1'

    Any by the looks of your config it's not a SITE-2-SITE VPN... it's a Remote-Access VPN? hence the Dynamic Crypto Maps?

    No offence but that config seems to be a bit all over the shop..... icon_sad.gif

    Question 1- What tunnels are up? (show crypto ipsec sa,show crypto isakmp sa)

    Question 2 - What are you trying to acheive?

    CCNA | CCNA:Security | CCNP | CCIP
  • Options
    azobioraazobiora Member Posts: 15 ■□□□□□□□□□
    HI APA,

    Yeah that's an EZvpn config i have up there!!! so the crypto map MRS_CMAP_1 is a real MAP that replaces the template crypto map MRS_MAP_1 on the wan interface.

    Also i intend slamming a site-to-site vpn on the router but first i want to achieve full communication to my LAN, i mean being able to ping any IP within my For now i can just only ping the router's LAN interface which is The policies negotiates very well...i am able to connect via the cisco vpn client software on my machine from an outside network, but trying to access resource within the subnet is the problem i am having.

    I also exprienced same thing when i had the site to site vpn configured up and running. Tunnels were fully established but i could only ping the router's LAN interface. Wasn't able to reach other IP's in ma network.

    So i am up to any suggestion or corrections given by you or any other person who's well exprienced than myself in the game. No offence taken at all! We learn daily!
Sign In or Register to comment.