Cannot reach VPN Client

Status
Not open for further replies.

wanau

IS-IT--Management
Mar 7, 2002
13
CA
Hi,

I set up a VPN server on our Cisco 831. My client can connect through VPN, I got a good address but anybody can reach the client and the client cannot reach anybody. According to me it's a routing problem or an access problem. Furthermore, when my VPN client is up, I'm unable to ping the client from my Cisco. The VPN server didn't see his own client?

Some ideas!

Here is my config:

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco831
!
logging queue-limit 100
no logging buffered
enable secret 5 $1$JZNW$i6BvVRFj8S1NyAoMMgtwZ0
!
username xxxx password 7 05080F1C2243
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpngroup
key 0 xxxxxxx
dns 192.168.4.248
wins 192.168.4.248
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauhtor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
partition flash 2 10 2
!
!
!
!
interface Tunnel0
ip address 172.25.25.1 255.255.0.0
!
interface Ethernet0
ip address 192.168.50.1 255.255.255.0
hold-queue 100 out
!
interface Ethernet1
ip address 192.168.7.15 255.255.255.0
duplex auto
crypto map clientmap
!
router rip
version 2
redistribute connected
network 172.25.0.0
network 192.168.7.0
network 192.168.50.0
!
ip local pool ippool 172.25.25.100 172.25.25.200
ip classless
ip http server
ip http secure-server
!
!
ip access-list extended ios_web_exec
ip access-list extended timeout
route-map nonat permit 10
!
!
line con 0
password 7 060506324F41
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 094F471A1A0A
!
scheduler max-task-time 5000
!
end

 
Do an 'ipconfig' or 'route print' on the clients. What is their default gateway? They might have obtained an IP address, but what about a default gateway?

The default gateway must be an ip address on the same network and subnet with the clients.

The issue might just be that, when the clients ping, there is no return path, etc.

Thanks.
Isokocons
 
In the route table on my VPN client, the IP address is the one that I received from my VPN server. So, my default gateway is myself.
 
OK, I partially resolved my problem, but the only thing is that my VPN client cannot receive anything through the tunnel. I already have an ACL in my crypto group to indicate the secured route, and with that, the traffic of my VPN client can go out but the traffic didn't come back.

HELP!!
 
You don't need a tunnel interface for this.
Please delete the tunnel interface and try it again.
The IPsec tunnel has nothing to do with a tunnel interface on the router.
Further, you need a static route entry so that the pool addresses are reachable via your e1:
ip route 172.25.25.0 255.255.255.0 ethernet 1
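
An added example, not part of the original posts: a small Python audit of an IOS remote-access VPN config that checks the two things the last reply points at (the client pool overlapping a connected interface subnet, and a static route covering the pool) and also checks that every AAA list named on a `crypto map` line is defined. The function name `audit` and the sample text are constructed for illustration; the sample is a trimmed excerpt of the configuration posted above.

```python
import ipaddress
import re

# Constructed excerpt of the configuration posted in this thread (trimmed).
SAMPLE = """\
aaa authentication login userauthen local
aaa authorization network groupauthor local
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauhtor
interface Tunnel0
 ip address 172.25.25.1 255.255.0.0
interface Ethernet1
 ip address 192.168.7.15 255.255.255.0
 crypto map clientmap
ip local pool ippool 172.25.25.100 172.25.25.200
"""

def audit(config):
    """Return a list of findings for a remote-access VPN IOS config (hypothetical helper)."""
    aaa, refs, connected, pools, routes, iface = set(), [], {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            connected[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"aaa (?:authentication login|authorization network) (\S+)", line):
            aaa.add(m[1])          # AAA method list defined here
        elif m := re.match(r"crypto map \S+ .*\blist (\S+)", line):
            refs.append(m[1])      # AAA method list referenced by the crypto map
        elif m := re.match(r"ip local pool (\S+) (\S+) (\S+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"ip route (\S+) (\S+)\s", line):
            routes.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
    findings = [f"undefined aaa list: {r}" for r in refs if r not in aaa]
    for name, (lo, hi) in pools.items():
        # A pool inside a connected subnet makes the router treat clients as on-link there.
        for ifname, net in connected.items():
            if lo in net or hi in net:
                findings.append(f"pool {name} overlaps connected {net} on {ifname}")
        if not any(lo in r and hi in r for r in routes):
            findings.append(f"pool {name} has no static route")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
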
 