

Unable to reach IP tunnel destination addresses from IOS

Posted on 2009-02-17
Medium Priority
Last Modified: 2012-05-06

I am trying to set up a Cisco 877 router as a DNS server. The same router has a site-to-site tunnel set up and working between it and our main office located behind a Cisco PIX 515E.

877 (192.168.104.x) -> PIX (192.168.1.x)

I have enabled

IP DNS Server
IP name-server

Basically, assigning my private DNS servers does not work. I can ping the private DNS servers from any PC at either end of the tunnel (192.168.104.x & 192.168.1.x). However, I cannot ping the private DNS server IP addresses or anything at 192.168.1.x from IOS at the remote side.

To cut a long story short, the reason I am trying to use my private DNS servers as name servers is to use split DNS. I also realise that I can assign the same name servers inside a DHCP scope on the router, but again, due to setting up split DNS, I need to do it this way.

If only I can figure out why I cannot ping the devices or anything else at the end of the tunnel from the router itself.

Is it because the traffic is originating from the Dialer interface, and not VLAN1?

I have attached a sample copy of my config, hopefully somebody can advise where I'm going wrong!

Many Thanks,


Question by: itdeptneci

Accepted Solution

lrmoore earned 750 total points
ID: 23670060
> If only I can figure out why I cannot ping the devices or anything else at the end of the tunnel from the router itself.

Because your router's IP address is not included in the interesting traffic to go through the tunnel.
Try to ping from the router to the DNS server and your source IP will be your outside interface IP, not the inside interface IP. Do a source ping using the inside IP address and you will be successful. So you need to add the router's public IP to the ACL that defines the crypto map match traffic (on both sides).
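
The matching logic behind the accepted answer, as an added example that is not part of the original thread: a small evaluator for IOS-style `permit ip` ACL entries with wildcard masks, showing which source address makes router-originated traffic "interesting" to the crypto map. The ACL lines and the addresses 203.0.113.10, 192.168.104.1 and 192.168.1.10 are constructed assumptions; the poster's actual config is not on the page.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines into (action, src, dst) entries."""
    entries = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        src, rest = _spec(rest)
        dst, rest = _spec(rest)
        entries.append((action, src, dst))
    return entries

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF   # wildcard bits set to 1 are "don't care"
    return (_ip(addr) & care) == (base & care)

def is_interesting(acl, src, dst):
    """First matching entry wins; no match means implicit deny (not tunnelled)."""
    for action, s, d in acl:
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False

# Constructed sample values; the page only gives 192.168.104.x and 192.168.1.x.
OUTSIDE_IP = "203.0.113.10"    # assumed Dialer (public) address
INSIDE_IP = "192.168.104.1"    # assumed VLAN1 address
DNS_SERVER = "192.168.1.10"    # assumed private DNS server behind the PIX
LAN_ONLY = "permit ip 192.168.104.0 0.0.0.255 192.168.1.0 0.0.0.255"
WITH_ROUTER = LAN_ONLY + "\npermit ip host 203.0.113.10 192.168.1.0 0.0.0.255"

if __name__ == "__main__":
    for name, acl in (("LAN only", LAN_ONLY), ("with router IP", WITH_ROUTER)):
        for src in (INSIDE_IP, OUTSIDE_IP):
            print(name, src, "->", DNS_SERVER, is_interesting(parse_acl(acl), src, DNS_SERVER))
```

The model covers only the local match decision; as the answer says, the peer needs the mirrored entry as well.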

Author Comment

ID: 23680199
Yes, sorry. I since found this about 2 minutes after posting the question but forgot to close it out.

Seeing as you are the only one who replied to the message, I'll give you the points.


