VPN Tunnel's up but.....

azobioraazobiora Member Posts: 15 ■□□□□□□□□□
Hi everyone!

Ok i know i posted some weeks back, that ma site-to-site vpn tunnels are up but for some what reason it will disconnect, well i gat that sorted out....it was ma sa lifetime issues. It's fun having all these things put together and having them work.

But i do have one little problem that i have done all that i think i know....but as you all know i can't know it all! That's why groups as these has been ones is there to help out by sharing problems.

The problem i face is this!!! The tunnels are up and running and wonderful...i feel great about it...but not so great cos from the remote network, i could ping the LAN interface of ma router which is 192.168.1.7 but i can't ping any other IP in that same subnet. Any clues to what wrong that i have done? This also holds through for my EZVPN configs too!

Comments

  • apd123apd123 Member Posts: 171
    Speaking of your configs where are they?
  • shednikshednik Member Posts: 2,005
    Any routes missing? configs would help too
  • tdempseytdempsey Member Posts: 28 ■□□□□□□□□□
    What is the local VPN subnet and what is the remote VPN subnet?
  • azobioraazobiora Member Posts: 15 ■□□□□□□□□□
    It's there 192.168.1.0/24
  • APAAPA Member Posts: 959
    It's late over here.....but I'm sure my eyes aren't playing tricks on me....

    But are you referencing a non-existent crypto-map on the WAN interface?

    'crypto map MRS_CMAP_1' as opposed to 'crypto map MRS_MAP_1'

    Any by the looks of your config it's not a SITE-2-SITE VPN... it's a Remote-Access VPN? hence the Dynamic Crypto Maps?

    No offence but that config seems to be a bit all over the shop..... icon_sad.gif

    Question 1- What tunnels are up? (show crypto ipsec sa,show crypto isakmp sa)

    Question 2 - What are you trying to acheive?

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • azobioraazobiora Member Posts: 15 ■□□□□□□□□□
    HI APA,

    Yeah that's an EZvpn config i have up there!!! so the crypto map MRS_CMAP_1 is a real MAP that replaces the template crypto map MRS_MAP_1 on the wan interface.

    Also i intend slamming a site-to-site vpn on the router but first i want to achieve full communication to my LAN, i mean being able to ping any IP within my 192.168.1.0/24. For now i can just only ping the router's LAN interface which is 192.168.1.7. The policies negotiates very well...i am able to connect via the cisco vpn client software on my machine from an outside network, but trying to access resource within the 192.168.1.0/24 subnet is the problem i am having.

    I also exprienced same thing when i had the site to site vpn configured up and running. Tunnels were fully established but i could only ping the router's LAN interface. Wasn't able to reach other IP's in ma network.

    So i am up to any suggestion or corrections given by you or any other person who's well exprienced than myself in the game. No offence taken at all! We learn daily!
Sign In or Register to comment.