[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
08/10/2009 at 03:40PM PDT, ID: 24641625
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
8.7

No Internal Ping -- Cisco 2811 IPSEC VPN

Asked by aseisman in Virtual Private Networking (VPN), Network Routers

Tags: cisco, router, IOS, vpn, ipsec

I am trying to configure an IPSEC vpn on my 2811 router. I am able to connect to the VPN, however I cannot ping any internal resources, including the internal IP of the router, 10.0.1.1. 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:

yourname#show run
Building configuration...
 
Current configuration : 6025 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local 
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool LAN
   import all
   network 10.0.1.0 255.255.255.0
   default-router 10.0.1.1 
   dns-server 4.2.2.1 4.2.2.2 
   lease infinite
!
!
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3579361095
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3579361095
 revocation-check none
 rsakeypair TP-self-signed-3579361095
!
!
crypto pki certificate chain TP-self-signed-3579361095
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33353739 33363130 3935301E 170D3039 30373234 31383238 
  35335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35373933 
  36313039 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100B4D4 BE8AFDC2 BD85F413 5F195E04 12765448 B54D2EC4 B9FCE684 6E76C730 
  DF0ACE7A 9E64A5CE 820638C5 3867C494 5783B5A7 44DAB643 73CAE524 A19DC4EB 
  E881D7F4 88E838F7 AA1AA8E0 1FDBBD70 124FD296 AA087A96 4AB2B925 E51F6961 
  37C8E89D 4B3B1FD2 AAD11B2D EB0A1708 368265B2 3EBCF88A E00B349E D4B32FE1 
  5F390203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603 
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 
  301F0603 551D2304 18301680 145DAA56 8BE4F9C9 CCE4C686 35F858D1 288E158D 
  56301D06 03551D0E 04160414 5DAA568B E4F9C9CC E4C68635 F858D128 8E158D56 
  300D0609 2A864886 F70D0101 04050003 81810009 FC7C05C6 4BA3C656 92E1BED5 
  55F65E3D CE40917B 6276AA35 59C46A93 75D9F723 280521E3 5EB353D0 D4751C49 
  F643FED1 65E2D0E0 8B4FB1DF 0459BD9F C00AB3E4 E7BB1F93 EEC47774 4A7C0245 
  4524AFA2 4138FFF9 A4195C2A CB50397F AF6B94F7 529161AB 08C49D98 0E9DD561 
  6B6AC26F E48F07F3 F2E85B6B 26AEAB22 110784
  	quit
!
!
username aseisman privilege 15 secret 5 $1$4ApO$cLg18ne2hFW3sHy01yNsE0
username aaron password 0 pam123
archive
 log config
  hidekeys
! 
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group 3000client
 key pam123
 dns 4.2.2.1
 wins 10.0.1.1
 domain manvantage.com
 pool ippool
 acl 102
 include-local-lan
 netmask 255.255.255.0
!         
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac 
!
crypto dynamic-map dynmap 10
 set transform-set myset 
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap 
!
!
!
!
!
!
interface FastEthernet0/0
 description $Cable$
 ip address EXTERNAL_IP 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
 crypto map clientmap
!
interface FastEthernet0/1
 ip address 10.0.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip local pool ippool 10.0.1.160 10.0.1.191
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 96.57.246.169 251
ip route 0.0.0.0 0.0.0.0 96.56.92.137 251
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map RMAP_1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.0.15.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.15.255 any
!
!
route-map RMAP_1 permit 1
 match ip address 102
 match interface FastEthernet0/0
!
!
!
control-plane
!         
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and 
it provides the default username "cisco" for  one-time use. If you have already 
used the username "cisco" to login to the router and your IOS image supports the 
"one-time" user option, then this username has already expired. You will not be 
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device. 
This feature requires the one-time use of the username "cisco" 
with the password "cisco". The default username and password have a privilege level of 15.
 
Please change these publicly known initial credentials using SDM or the IOS CLI. 
Here are the Cisco IOS commands.
 
username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco
 
Replace <myuser> and <mypassword> with the username and password you want to use. 
 
For more information about SDM please follow the instructions in the QUICK START 
GUIDE for your router or go to http://www.cisco.com/go/sdm 
-----------------------------------------------------------------------
^C
!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
 
yourname#
 
Keywords: No Internal Ping -- Cisco 2811 IPS…
Title
1 IPSEC VPN ACL
2 vpn ipsec
3 IPSEC vpn tunnel setup
4 Cisco IPSec VPN crashing when chan…
5 ASA5510 Router: Reaching a Site…
6 Cisco IPSEC VPN problem
 
Loading Advertisement...
 
[+][-]08/10/09 04:32 PM, ID: 25065063

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]08/10/09 05:09 PM, ID: 25065273

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]08/10/09 07:03 PM, ID: 25065672

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]08/11/09 03:47 AM, ID: 25067591

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]08/11/09 04:07 AM, ID: 25067680

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]08/11/09 05:53 AM, ID: 25068386

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]08/11/09 06:21 AM, ID: 25068666

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Virtual Private Networking (VPN), Network Routers
Tags: cisco, router, IOS, vpn, ipsec
Sign Up Now!
Solution Provided By: mikecr
Participating Experts: 3
Solution Grade: A
 
 
[+][-]08/11/09 07:15 AM, ID: 25069297

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]08/11/09 08:05 AM, ID: 25069896

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]08/11/09 08:37 AM, ID: 25070265

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-91 - Hierarchy / EE_QW_3_20080625