EzVPN - I cannot ping resources on the 192.168.1.0
10 years 4 months ago - 10 years 4 months ago #38547
by mokenned
Hello,
I have set up an EzVPN Client/Server router and the VPN is working fine, but I can't ping or access from PC1 the file server connected to the EzVPN server, which is in the subnet 192.168.1.0.
PC1-->EzVPNClientRouter -->ISP_Router<--INTERNET-->EzVPNServerRouter<--FileServer(IP 192.168.1.10)
EzVPN-SERVER
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$3zxk$mHoeINqbiwlS24OIA6NQN1
!
aaa new-model
!
aaa authentication login USER_AAA local
aaa authentication login USERLIST local
aaa authorization network GROUP_AAA local
!
aaa session-id common
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool Inside-LAN
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
option 150 ip 192.168.1.15
dns-server 4.4.4.4
domain-name nano.com
!
no ip domain lookup
ip domain name nano.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
!
username admin secret 5 $1$7/wV$gMKG9HttpO3SDEdHWyMV80
!
redundancy
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 90 12
!
crypto isakmp client configuration group VPN1
key 1234567890
dns 4.4.4.4
domain nano.com
pool VPN-POOL
acl SPLIT_T
save-password
crypto isakmp profile EZVPN_ISAKMP_PROFILE
self-identity address
match identity group VPN1
client authentication list USERLIST
isakmp authorization list GROUP_AAA
client configuration address respond
keepalive 10 retry 3
!
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
mode tunnel
!
crypto dynamic-map INT_MAP 1
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 36000
set transform-set TRANSFORM-1
set isakmp-profile EZVPN_ISAKMP_PROFILE
reverse-route
!
crypto map INT_MAP client authentication list USER_AAA
crypto map INT_MAP isakmp authorization list GROUP_AAA
crypto map INT_MAP client configuration address respond
crypto map INT_MAP 30000 ipsec-isakmp dynamic INT_MAP
!
interface GigabitEthernet0/0
description INTERNET#
ip address 50.50.50.50 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map INT_MAP
!
interface GigabitEthernet0/1
description INSIDE-LAN#
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip local pool VPN-POOL 192.168.100.100 192.168.100.200
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 50.50.50.1
!
ip access-list extended SPLIT_T
permit ip 192.168.1.0 0.0.0.255 any
!
no cdp run
!
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
gatekeeper
shutdown
!
end
EzVPN-CLIENT
!
boot-start-marker
boot-end-marker
!
enable password admin
!
no aaa new-model
!
ip cef
!
ip dhcp excluded-address 10.10.10.1 10.10.10.15
!
ip dhcp pool INSIDE
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
option 150 ip 192.168.1.15
!
no ipv6 cef
!
username admin privilege 15 secret 4 X4ZqtPJ///KxuEWxHSsJrv3beQVnz2ise/xj8fF6eFU
!
redundancy
!
crypto ipsec client ezvpn CLIENT1
connect auto
group VPN1 key 1234567890
mode network-plus
peer 50.50.50.50
username admin password admin
xauth userid mode local
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address dhcp
duplex auto
speed auto
crypto ipsec client ezvpn CLIENT1
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
crypto ipsec client ezvpn CLIENT1 inside
!
interface Virtual-Template2 type tunnel
no ip address
tunnel mode ipsec ipv4
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip route 0.0.0.0 255.255.255.255 GigabitEthernet0/0 dhcp
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
end
Thank you in advance for your support.
Last edit: 10 years 4 months ago by mokenned.
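One check worth making against the posted server configuration, as an added example that is not part of the original post: which return flows from the file server would be translated by `ip nat inside source list 100`. It evaluates ACL 100 with IOS first-match and wildcard-mask semantics, and assumes that in `mode network-plus` PC1's packets keep their 10.10.10.0/24 source addresses; the host 10.10.10.20 is a constructed address.

```python
import ipaddress

# ACL 100 exactly as posted in the EzVPN-SERVER configuration above.
ACL_100 = """\
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
"""

def parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse_acl(text):
    """Return [(action, src_spec, dst_spec)] for 'access-list N <action> ip ...' lines."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[3] != "ip":
            continue
        src, rest = parse_addr(t[4:])
        dst, _ = parse_addr(rest)
        rules.append((t[2], src, dst))
    return rules

def matches(spec, ip):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def is_natted(rules, src, dst):
    """First match wins; 'permit' selects the flow for NAT, implicit deny otherwise."""
    for action, s, d in rules:
        if matches(s, src) and matches(d, dst):
            return action == "permit"
    return False

RULES = parse_acl(ACL_100)
# Constructed return flows from the file server (192.168.1.10 is from the post).
FLOWS = {
    "to a VPN-POOL address": ("192.168.1.10", "192.168.100.100"),
    "to a client LAN host (constructed)": ("192.168.1.10", "10.10.10.20"),
}
if __name__ == "__main__":
    for label, (src, dst) in FLOWS.items():
        print(f"{label}: {src} -> {dst} NAT={is_natted(RULES, src, dst)}")
```

A flow reported as NAT=True is selected for translation on its way out of GigabitEthernet0/0, so it is worth comparing that result against the traffic the tunnel is expected to carry untranslated.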