Cisco VPN cannot ping anything!

johnnybrian asked:
Topics: Routers, VPN, Internet Protocol Security
Hi!

I'm having a little trouble with a Cisco setup I made. I have a Cisco 851 running as a VPN gateway for a computer with a Cisco VPN client.

Everything is set up, and I get the connection with the VPN client and the correct IP, but I can't ping anything from the computer when connected to the VPN.

Can YOU find the error?


Building configuration...
 
Current configuration : 6486 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname gw1.xxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authorization exec default local
aaa authorization network groupauthor local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-3074672605
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3074672605
 revocation-check none
 rsakeypair TP-self-signed-3074672605
!
!
crypto pki certificate chain TP-self-signed-3074672605
 certificate self-signed 01
        quit
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.82.1
ip dhcp excluded-address 192.168.82.2
ip dhcp excluded-address 192.168.82.3
ip dhcp excluded-address 192.168.82.4
ip dhcp excluded-address 192.168.82.5
ip dhcp excluded-address 192.168.82.254
ip dhcp excluded-address 192.168.82.101
!
ip dhcp pool sdm-pool
   import all
   network 192.168.82.0 255.255.255.0
   default-router 192.168.82.254
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name xxxx.local
!
!
!
username xxx privilege 15 secret 5 xxxxxxxxxxxxxxxxx
username xxx privilege 15 secret 5 xxxxxxxxxxxxxxxxx
username xxx privilege 15 secret 5 xxxxxxxxxxxxxxxxx
username xxx password 7 xxxxxxxxxx
!
!
crypto isakmp policy 1
 encr 3des
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp fragmentation
!
crypto isakmp client configuration group xxxxx
 key xxxxx
 dns 192.168.6.8
 pool vpn1
 acl 151
 include-local-lan
 max-users 5
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map Dynmap_1 1
 reverse-route
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map Cmap_1 65535 ipsec-isakmp dynamic Dynmap_1
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Tunnel108
 description Connected to Hostcenter
 ip address 192.168.100.38 255.255.255.252
 keepalive 10 3
 tunnel source Dialer1
 tunnel destination xxxxxxx
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description Wan
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description LAN
 ip address 192.168.83.254 255.255.255.0 secondary
 ip address 192.168.82.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Dialer1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap hostname agromeccocor_IL
 ppp chap password 7 04095F515F7119
 ppp pap sent-username agromeccocor_IL password 7 06545B761C1E5C
 ppp ipcp dns request
 ppp ipcp address accept
 crypto map clientmap
!
ip local pool vpn 192.168.82.195 192.168.82.200
ip local pool vpn1 192.168.83.0 192.168.83.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.0.0 Tunnel108 name Hostcenter
!
no ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.82.101 80 interface Dialer1 80
ip nat inside source static udp 192.168.82.101 80 interface Dialer1 80
ip nat inside source static udp 192.168.82.101 5560 interface Dialer1 5560
ip nat inside source static tcp 192.168.82.101 5560 interface Dialer1 5560
ip nat inside source static tcp 192.168.82.101 5561 interface Dialer1 5561
ip nat inside source static tcp 192.168.82.3 3454 interface Dialer1 3454
ip nat inside source static tcp 192.168.82.3 554 interface Dialer1 554
ip nat inside source static udp 192.168.82.101 554 interface Dialer1 554
!
access-list 23 permit 192.168.0.0 0.0.255.255
access-list 23 permit any
access-list 102 remark NAT
access-list 102 permit ip 192.168.82.0 0.0.0.255 any
access-list 102 deny   ip 192.168.82.0 0.0.0.255 192.168.83.0 0.0.0.255
access-list 151 permit ip 192.168.82.0 0.0.0.255 any
access-list 151 remark VPN
snmp-server community xxx RO
snmp-server community xxx RO 1
snmp-server ifindex persist
snmp-server location xxxx, xx
snmp-server contact xxxxxxxxxxx
no cdp run
!
control-plane
!
!
line con 0
 password 7 110E4C53154352
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.162.159.194
sntp server 193.162.159.197
sntp server 193.162.145.130
end
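
IOS evaluates access-list entries top-down and stops at the first match, so entry order is one property of the configuration above that can be checked mechanically. The Python sketch below is an added example, not part of the original post or its answer; it parses ACL 102 as posted and reports entries that an earlier entry fully covers (function names are hypothetical, and only `ip` entries with `any` or address/wildcard operands are handled).

```python
import ipaddress
import re

# ACL 102 copied from the configuration above; this parser handles only
# "ip" entries whose operands are "any" or "address wildcard".
SAMPLE_ACL = """\
access-list 102 remark NAT
access-list 102 permit ip 192.168.82.0 0.0.0.255 any
access-list 102 deny   ip 192.168.82.0 0.0.0.255 192.168.83.0 0.0.0.255
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def take_operand(tokens):
    """Pop one source/destination operand and return it as a network."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    wildcard = tokens.pop(0)
    # ipaddress reads a mask starting with a zero field as a host (wildcard) mask
    return ipaddress.ip_network(f"{first}/{wildcard}")

def parse_acl(text):
    """Return (list_id, position, action, src, dst) for each 'ip' entry."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(.*)", line.strip())
        if not m:
            continue  # remarks and unsupported entry forms are skipped
        tokens = m.group(3).split()
        src = take_operand(tokens)
        dst = take_operand(tokens)
        entries.append((m.group(1), len(entries), m.group(2), src, dst))
    return entries

def find_shadowed(entries):
    """Pairs (earlier, later) where the earlier entry matches every packet
    the later one would, so the later entry is never reached."""
    hits = []
    for i, earlier in enumerate(entries):
        for later in entries[i + 1:]:
            same_list = earlier[0] == later[0]
            if same_list and later[3].subnet_of(earlier[3]) and later[4].subnet_of(earlier[4]):
                hits.append((earlier, later))
    return hits

if __name__ == "__main__":
    for earlier, later in find_shadowed(parse_acl(SAMPLE_ACL)):
        print(f"ACL {later[0]}: '{later[2]} {later[3]} -> {later[4]}' is never reached; "
              f"'{earlier[2]} {earlier[3]} -> {earlier[4]}' matches first")
```

On the posted ACL 102 this reports that the `deny` for 192.168.82.0/24 to 192.168.83.0/24 sits behind a `permit ... any` with the same source, so it never matches.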