VPN Tunnel's up but.....
azobiora
Hi everyone!
OK, I know I posted some weeks back that my site-to-site VPN tunnels are up but for some reason they will disconnect. Well, I got that sorted out... it was my SA lifetime issues. It's fun having all these things put together and having them work.
But I do have one little problem, for which I have done all that I think I know... but as you all know, I can't know it all! That's why groups such as these are there to help out by sharing problems.
The problem I face is this! The tunnels are up and running and wonderful... I feel great about it... but not so great, cos from the remote network I could ping the LAN interface of my router, which is 192.168.1.7, but I can't ping any other IP in that same subnet. Any clues as to what I have done wrong? This also holds true for my EZVPN configs too!
Comments
apd123
Speaking of your configs, where are they?
shednik
Any routes missing? Configs would help too.
tdempsey
What is the local VPN subnet and what is the remote VPN subnet?
azobiora
It's there 192.168.1.0/24
APA
It's late over here... but I'm sure my eyes aren't playing tricks on me...
But are you referencing a non-existent crypto map on the WAN interface?
'crypto map MRS_CMAP_1' as opposed to 'crypto map MRS_MAP_1'
And by the looks of your config, it's not a SITE-2-SITE VPN... it's a Remote-Access VPN? Hence the Dynamic Crypto Maps?
No offence, but that config seems to be a bit all over the shop...
Question 1 - What tunnels are up? (show crypto ipsec sa, show crypto isakmp sa)
Question 2 - What are you trying to achieve?
azobiora
Hi APA,
Yeah, that's an EZVPN config I have up there! So the crypto map MRS_CMAP_1 is a real MAP that replaces the template crypto map MRS_MAP_1 on the WAN interface.
Also, I intend slamming a site-to-site VPN on the router, but first I want to achieve full communication to my LAN, I mean being able to ping any IP within my 192.168.1.0/24. For now I can only ping the router's LAN interface, which is 192.168.1.7. The policies negotiate very well... I am able to connect via the Cisco VPN client software on my machine from an outside network, but trying to access resources within the 192.168.1.0/24 subnet is the problem I am having.
I also experienced the same thing when I had the site-to-site VPN configured up and running. Tunnels were fully established, but I could only ping the router's LAN interface. I wasn't able to reach other IPs in my network.
So I am up for any suggestions or corrections given by you or any other person who's more experienced than myself in the game. No offence taken at all! We learn daily!