Unable to ping ip address from connected vpn client

Hi All,
I'm having an issue where as I can connect to the VPN. that i've created on this Cisco 837 router, but I can't ping a PC inside the network or ping the router on the IP from the client side.  I'm pasting my config below. It would be great if someone can point me in the right direction.
I'm sure it something simple, just I'm not thinking of it.

Router IP:
PC: (I am trying to ping  this pc from the connected client side)
Firewall is currently allowing all traffic through to the router, so is not blocking ICMP
Router01#show run
Building configuration...

Current configuration : 2120 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router01
memory-size iomem 5
enable secret 5 $1$QCCC$pOpRL.UjTxxhDmsvYT.zG/
enable password xxxxx
username xxxxx password 0 xxxxx
username CRWS_xxxxx privilege 15 password 0 $1$W1fA$o1oSEpa1983951347
username CRWS_xxxxx privilege 15 password 0 $1$W1fA$o1oSEpa2103948567
username CRWS_xxxxx privilege 15 password 0 $1$W1fA$o1oSEpa1446099413
username CRWS_xxxxx privilege 15 password 0 $1$W1fA$o1oSEpa1688257825
aaa new-model
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
no ip routing
ip audit notify log
ip audit po max-events 100
ip ssh break-string
vpdn enable
vpdn-group VOICE-VPN
! Default PPTP VPDN group
  protocol pptp
  virtual-template 1
no ftp-server write-enable
no crypto isakmp enable
interface Ethernet0
 ip address
 no ip route-cache
 hold-queue 100 out
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
interface Virtual-Template1
 ip unnumbered Ethernet0
 ip mroute-cache
 peer default ip address pool defaultpool
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
ip local pool defaultpool
ip default-gateway
ip classless
ip route permanent
ip http server
no ip http secure-server
access-list 101 permit ip any any
access-list 101 permit icmp any any
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 password xxxxx
 transport preferred all
 transport input all
 transport output all
scheduler max-task-time 5000

Thanks for any help in advance
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

To debug:
1) Check that Windows firewalls are off, or permit ping.

2) Using 'ipconfig /all' ensure that there on interface [tun or tap] has an ip assigned in the range.

Note: - is in the RFC1918 private address range, 172.160.x.y is not.
This traffic by default IS routable over the public internet. Shouldn't break your config, but one to watch out for.

You've said that the vpn client can connect, but we're assuming that it's connected to the public internet and reaching the 837 by its WAN interface. Can you confirm that the vpn client can surf and that clients behind the 837 can too please?



NicodemiusAuthor Commented:

thanks for your reply.

From the client machine i do get an ip address:
ipconfig /all shows:
ip address:
subnet mask:
client is not using default gateway on remote network.
client is unable to ping the router that is connected to.
client is uanble to ping the pc.
Client is able to surf the internet as it using it own gateway.
Client firewall is disabled.

From the router view.
Able to ping the the pc that is on
Able to ping the firewall that is the default gateway for the router on
i''m unable to ping the vpn connected client that on
I can ping any site through this router successfully.

I've added a diagram below so you can have an idea of how the setup looks

Thanks for the diagram, it helped.

Would you review the diagram i've responded with and let me know if shows your config please?
It shows the physical connections, we'll get onto the vpn connections presently.

Will you tell me the DHCP range and LAN interface address of Router A?

Will you tell me the WAN interface address of the Juniper, in the same way you've shown the other WAN IP's.

Are you using the PPTP client which is built-in to Windows (on the laptop in the diagram)?

Are you port forwarding TCP 1723 on the Juniper to the Eth0 address on the Cisco 837 (


The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

NicodemiusAuthor Commented:

thanks for responding

yes the diagram you've done is what the config of my network looks like, but the 87.83.x.x address is the wan address Ive been given to use, it one of the many MIPs assigned on the juniper.  

All traffic on the MIP is currently being allowed and not blocking any IP or ICMP messages.

Router A,
Is just a standard home network. -
with the gateway of

Side note: I've also created  VPN connections from my own home network using my windows and mac machines to the router and they get ip successfully as in and, but again i can't ping the router or any other IP address in this range. from my mac or windows machine.

I'm just using the windows client and on the mac the vpn client for mac. I'm not using the cisco vpn software at all.  I wanted to do things as simple as possible.

Port 1723 is being forwarded successfully to ethernet0. As I can create vpn connection that can authenticate and an ip address from the range specified.

I've tested it by changing ip local pool defaultpool to various ranges and then on the cilent side disconnecting and reconnecting the client and getting an IP in the range I've set in this command.
This tells me i am connecting to the router and not some other device.

Thanks ever so much for you questions and ideas so far

I can't help wondering if it's the address range of your remote subnet which is causing issue.
172.160.x.y is not an RFC 1918 address, and hence IS routable over the internet, unlike: –, – and –

So with split tunneling, this would exit your network over the non-vpn-tunnel outbound route potentially.

Is changing the remote subnet...or adding a 172.16.x.y possible?

If from my machine I do a tracert on the addresses you indicate as being present on the remote LAN, they resolve to AOL WAN addresses.

Tracing route to ACA00065.ipt.aol.com []
over a maximum of 30 hops:

  1   153 ms   153 ms   154 ms  ^C

Tracing route to ACA00066.ipt.aol.com []
over a maximum of 30 hops:

  1   153 ms   153 ms   153 ms

I can't ping either of them...

NicodemiusAuthor Commented:

Sorry for not replying was away on a long weekend.

I've also got the 172.160.x.x going to aol server that is including for 172.160.253

I've manage to get the system architect to change the range he has given me from 172.160.x.x
to 172.30.x.x

I was able to connect to the vpn getting ip address on the client and my mac on

So the vpn is working.

But again I'm  still unable to ping or pc on the internal network)  

Any suggestions?
NicodemiusAuthor Commented:
just to add

from the router:

show users

Interface            User            Mode                     Idle             peer address
Vi4                     testuser       PPPoVPDN          00:02:23


1.  *  *  *
2.  *  *  *
3.  *  *  *

NicodemiusAuthor Commented:
sweet looks like i manage to solve the issue

i've changed no ip routing

to ip routing

Router01>show ip route

has given me gateway of last resort is to network

                   is variably subnetted, 2 subnets, 2 masks
C                 is directly connected, Ethernet0
C                          172.30.0100/32 is directly connected, Virtual-Access4
S*                [1/0] via

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NicodemiusAuthor Commented:
I'm able to ping the router.
Ping the test computers I've set up to capture data
It all work
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.