INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

EzVPN - I cannot ping resources on the 192.168.1.0

EzVPN - I cannot ping resources on the 192.168.1.0

(OP)
Hello,

I have set-up EzVPN Client/Server router and the VPN is working fine but I can't ping or access from PC1 to the fileserver connected on EzVPN server which is in the subnet 192.168.1.0

PC1-->EzVPNClient -->ISP_Router<--INTERNET-->EzVPNServer<--FileServer(IP 192.168.1.10)


EzVPN-SERVER
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$3zxk$mHoeINqbiwlS24OIA6NQN1
!
aaa new-model
!
aaa authentication login USER_AAA local
aaa authentication login USERLIST local
aaa authorization network GROUP_AAA local
!
aaa session-id common
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool Inside-LAN
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
option 150 ip 192.168.1.15
dns-server 4.4.4.4
domain-name nano.com
!
no ip domain lookup
ip domain name nano.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
!
username admin secret 5 $1$7/wV$gMKG9HttpO3SDEdHWyMV80
!
redundancy
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 90 12
!
crypto isakmp client configuration group VPN1
key 1234567890
dns 4.4.4.4
domain nano.com
pool VPN-POOL
acl SPLIT_T
save-password
crypto isakmp profile EZVPN_ISAKMP_PROFILE
self-identity address
match identity group VPN1
client authentication list USERLIST
isakmp authorization list GROUP_AAA
client configuration address respond
keepalive 10 retry 3
!
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
mode tunnel
!
crypto dynamic-map INT_MAP 1
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 36000
set transform-set TRANSFORM-1
set isakmp-profile EZVPN_ISAKMP_PROFILE
reverse-route
!
crypto map INT_MAP client authentication list USER_AAA
crypto map INT_MAP isakmp authorization list GROUP_AAA
crypto map INT_MAP client configuration address respond
crypto map INT_MAP 30000 ipsec-isakmp dynamic INT_MAP
!
interface GigabitEthernet0/0
description INTERNET#
ip address 50.50.50.50 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map INT_MAP
!
interface GigabitEthernet0/1
description INSIDE-LAN#
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip local pool VPN-POOL 192.168.100.100 192.168.100.200
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 50.50.50.1
!
ip access-list extended SPLIT_T
permit ip 192.168.1.0 0.0.0.255 any
!
no cdp run
!
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
gatekeeper
shutdown
!
end


EzVPN-CLIENT
!
boot-start-marker
boot-end-marker
!
enable password admin
!
no aaa new-model
!
ip cef
!
ip dhcp excluded-address 10.10.10.1 10.10.10.15
!
ip dhcp pool INSIDE
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
option 150 ip 192.168.1.15
!
no ipv6 cef
!
username admin privilege 15 secret 4 X4ZqtPJ///KxuEWxHSsJrv3beQVnz2ise/xj8fF6eFU
!
redundancy
!
crypto ipsec client ezvpn CLIENT1
connect auto
group VPN1 key 1234567890
mode network-plus
peer 50.50.50.50
username admin password admin
xauth userid mode local
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address dhcp
duplex auto
speed auto
crypto ipsec client ezvpn CLIENT1
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
crypto ipsec client ezvpn CLIENT1 inside
!
interface Virtual-Template2 type tunnel
no ip address
tunnel mode ipsec ipv4
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip route 0.0.0.0 255.255.255.255 GigabitEthernet0/0 dhcp
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
end

Thank you in advance for your support.

RE: EzVPN - I cannot ping resources on the 192.168.1.0

can you post a 'sh route' on both ?

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close