johnnybrian
IS-IT--Management
Hi All!
I have a problem with my VPN configuration. I can connect okay via the software VPN client, but when I ping my VPN gateway 192.168.0.1, the public IP answers with "destination host unreachable". Also, I can't ping any other hosts in my internal 192.168.0.0 network when connected to the VPN.
Here's the config:
Building configuration...
Current configuration : 5687 bytes
!
! Global services. Review notes are the lines starting "! NOTE(review)".
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, any "password"/"key" value
! stored as type 0 appears in clear text in "show run" output such as this
! post. "service password-encryption" only obfuscates (type 7); prefer
! "secret" hashes for local users and keep redacting keys before posting.
no service password-encryption
!
hostname OJ
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
! AAA: new-model is enabled; exec and network (VPN group) authorization
! both use the local database.
aaa new-model
!
!
! NOTE(review): no "aaa authentication login" line is visible in this paste.
! The crypto map below names a login list "userauthen"; presumably it was
! removed together with the usernames - confirm it exists on the router.
aaa authorization exec default local
aaa authorization network groupauthor local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2488364287
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2488364287
revocation-check none
rsakeypair TP-self-signed-2488364287
!
!
crypto pki certificate chain TP-self-signed-2488364287
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343838 33363432 3837301E 170D3032 30333031 30303036
34355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383833
36343238 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CB82 3EB07027 E83889C0 C661E642 1CD48D42 E14D5678 365D799E FEAE07A7
E44AC4CB 0805E2EC DF8A3AEC E65D27DB 34797E77 92D5AF5B 343E8FF0 C37115C7
F0D837C9 84EFBB6E D6E7BBED 36CB0E23 654E5FB7 30C3DCB7 21763388 EB6BAE94
E300CDBC 0789A28A 6C6EAB05 046B2591 06F6C19D 482FD45A E4A5783B 0A4E3F65
880F0203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B4F4A2E 6F6A2E6C 6F63616C 301F0603 551D2304 18301680
148341B5 7E72CBEB 3387885B BE31747C D28C4B15 19301D06 03551D0E 04160414
8341B57E 72CBEB33 87885BBE 31747CD2 8C4B1519 300D0609 2A864886 F70D0101
04050003 81810074 4F996764 8856622C C037D115 65000217 CB53D34D E1E50515
9BCE6538 A3197ED5 B0B69FC7 CFC28FED 92B2D137 48928BDA 4E031151 32B039D0
75984CE7 3BCDBDC2 F53E59BA ADEDDAEF 9EF92949 1B126ADC A26C1726 372A27F5
C4D59A3B D0FF9CCF C92152CF 5948B24F ECB8428A C4F89D75 F23C0546 B392B689
9F45C8DE 022879
quit
dot11 syslog
!
!
ip cef
no ip domain lookup
ip domain name oj.local
!
!
!
Usernames hidden!
!
! IKE phase 1 policy offered to the VPN clients.
crypto isakmp policy 3
! NOTE(review): 3DES with DH group 2 (1024-bit MODP) is a legacy suite.
! Where the image and the VPN client allow it, offer an AES policy with a
! larger DH group at a lower policy number so it is preferred.
encr 3des
authentication pre-share
group 2
!
! Easy VPN client group: settings pushed to software clients at connect time.
crypto isakmp client configuration group xxxxxxxxxxxxx
! Group pre-shared key (redacted by the poster). Every client in the group
! shares it, so the per-user login (client authentication list on the
! crypto map) is what ties a session to a person.
key xxxxxxxxxxxxx
dns 192.168.0.26
pool vpnpool
! acl 151 is the split-tunnel list: it tells the client which destinations go
! through the tunnel. As posted, 151 ends in "permit ip any any", so the
! list no longer describes just the 192.168.0.0/24 LAN.
acl 151
include-local-lan
! NOTE(review): the configured domain is "oj.local"; "oj-local" here looks
! like a typo - confirm.
split-dns oj-local
max-users 5
!
!
! IPsec (phase 2) proposal and the dynamic crypto map used for remote clients.
! NOTE(review): esp-3des with esp-md5-hmac is a legacy pair; an AES transform
! with a SHA-based HMAC is the usual replacement where the client supports it.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
! User login (xauth) uses list "userauthen"; group lookup uses "groupauthor".
! The router answers client address (mode-config) requests.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
!
!
! Four point-to-point tunnels to remote sites (destinations redacted).
! NOTE(review): no "tunnel mode" or "tunnel protection" line is shown, and
! crypto map clientmap contains only the dynamic client entry, so as posted
! these appear to be plain GRE without encryption - confirm whether the
! transport is trusted or protected elsewhere.
interface Tunnel217
description Connected to xxxxxxxxxxxxx
ip address 192.168.217.54 255.255.255.252
keepalive 10 3
! NOTE(review): FastEthernet1 carries no address in this paste - verify
! that this tunnel's source is intended.
tunnel source FastEthernet1
tunnel destination xxxxxxxxxxxxx
!
interface Tunnel99
description Connected til xxxxxxxxxxxxx
ip address 192.168.200.201 255.255.255.252
ip tcp adjust-mss 1378
keepalive 10 3
tunnel source FastEthernet4
tunnel destination xxxxxxxxxxxxx
!
interface Tunnel34
description Connected to xxxxxxxxxxxxx
ip address 192.168.99.189 255.255.255.252
keepalive 10 3
tunnel source FastEthernet4
tunnel destination xxxxxxxxxxxxx
!
interface Tunnel100
description Connected to xxxxxxxxxxxxx
ip address 192.168.203.1 255.255.255.252
keepalive 10 3
tunnel source FastEthernet4
tunnel destination xxxxxxxxxxxxx
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Outside (ISP) interface: NAT outside; the client VPN crypto map is bound here.
interface FastEthernet4
description Connected to nianet
ip address xxxxxxxxxxxxx 255.255.255.248
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
crypto map clientmap
!
! Inside LAN interface: 192.168.0.1/24 plus a redacted secondary address.
interface Vlan1
description Connected to LAN
ip address xxxxxxxxxxxxx 255.255.255.224 secondary
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
! NOTE(review): the crypto map is also applied on the LAN side. Remote
! clients arrive on FastEthernet4; a second binding here is normally not
! needed and is worth removing while troubleshooting - confirm intent.
crypto map clientmap
!
! Address pool handed to VPN clients; it is a separate subnet from the
! 192.168.0.0/24 LAN, so NAT and ACLs must treat it explicitly.
ip local pool vpnpool 192.168.249.100 192.168.249.200
ip forward-protocol nd
! Default route via the ISP next hop (redacted); remote-site LANs are
! reached through the tunnel interfaces.
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxx
ip route 192.168.4.0 255.255.255.0 Tunnel99 name Borris
ip route 192.168.8.0 255.255.255.0 Tunnel100 name fano
ip route 192.168.33.0 255.255.255.0 Tunnel34 name kje
!
! Router web management and NAT rules.
! NOTE(review): plain HTTP management is enabled next to HTTPS, and
! access-class 23 ends in "permit any", so it does not restrict the source.
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! Inbound port forwards on the public interface: HTTPS, FTP, SMTP, and RDP
! (inside 3389 published on outside port 4024).
! NOTE(review): FTP and RDP are reachable from any Internet source here;
! now that a VPN exists, consider reaching them through the tunnel instead.
ip nat inside source static tcp 192.168.0.24 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.0.136 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.0.25 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.24 3389 interface FastEthernet4 4024
! NOTE(review): list 102 matches LAN traffic to any destination, including
! replies to VPN clients in 192.168.249.0/24. Outbound NAT is applied before
! encryption, so those replies are likely translated and miss the tunnel -
! a probable cause of the failed pings. The usual fix is a deny for
! LAN -> VPN pool ahead of the permit in 102.
ip nat inside source list 102 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.25 443 xxxxxxxxxxxxx 443 extendable
!
! ACL 23 is referenced by the vty lines and by the HTTP server.
access-list 23 permit 192.168.0.0 0.0.0.255
! NOTE(review): "permit any" makes the line above redundant and opens
! management access to every source address.
access-list 23 permit any
! ACL 102 selects traffic for NAT overload; it has no exemption for
! traffic towards the VPN pool 192.168.249.0/24.
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 151 remark VPN access
access-list 151 permit ip 192.168.0.0 0.0.0.255 any
! NOTE(review): this entry turns the split-tunnel list into match-everything;
! the preceding line alone describes the LAN.
access-list 151 permit ip any any
no cdp run
!
control-plane
!
!
! Console, aux and remote terminal lines.
line con 0
no modem enable
line aux 0
line vty 0 4
! NOTE(review): ACL 23 permits any source, sessions start at privilege 15,
! and Telnet (clear text) is accepted alongside SSH. Together this exposes
! privileged login to any network that can reach the router; restricting
! ACL 23 and using "transport input ssh" narrows it.
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end
I have a problem with my VPN configuration. I can connect okay via the software VPN client, but when I ping my VPN gateway 192.168.0.1, the public IP answers with "destination host unreachable". Also, I can't ping any other hosts in my internal 192.168.0.0 network when connected to the VPN.
Here's the config:
Building configuration...
Current configuration : 5687 bytes
!
! Global services. Review notes are the lines starting "! NOTE(review)".
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, any "password"/"key" value
! stored as type 0 appears in clear text in "show run" output such as this
! post. "service password-encryption" only obfuscates (type 7); prefer
! "secret" hashes for local users and keep redacting keys before posting.
no service password-encryption
!
hostname OJ
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
! AAA: new-model is enabled; exec and network (VPN group) authorization
! both use the local database.
aaa new-model
!
!
! NOTE(review): no "aaa authentication login" line is visible in this paste.
! The crypto map below names a login list "userauthen"; presumably it was
! removed together with the usernames - confirm it exists on the router.
aaa authorization exec default local
aaa authorization network groupauthor local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2488364287
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2488364287
revocation-check none
rsakeypair TP-self-signed-2488364287
!
!
crypto pki certificate chain TP-self-signed-2488364287
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343838 33363432 3837301E 170D3032 30333031 30303036
34355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383833
36343238 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CB82 3EB07027 E83889C0 C661E642 1CD48D42 E14D5678 365D799E FEAE07A7
E44AC4CB 0805E2EC DF8A3AEC E65D27DB 34797E77 92D5AF5B 343E8FF0 C37115C7
F0D837C9 84EFBB6E D6E7BBED 36CB0E23 654E5FB7 30C3DCB7 21763388 EB6BAE94
E300CDBC 0789A28A 6C6EAB05 046B2591 06F6C19D 482FD45A E4A5783B 0A4E3F65
880F0203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B4F4A2E 6F6A2E6C 6F63616C 301F0603 551D2304 18301680
148341B5 7E72CBEB 3387885B BE31747C D28C4B15 19301D06 03551D0E 04160414
8341B57E 72CBEB33 87885BBE 31747CD2 8C4B1519 300D0609 2A864886 F70D0101
04050003 81810074 4F996764 8856622C C037D115 65000217 CB53D34D E1E50515
9BCE6538 A3197ED5 B0B69FC7 CFC28FED 92B2D137 48928BDA 4E031151 32B039D0
75984CE7 3BCDBDC2 F53E59BA ADEDDAEF 9EF92949 1B126ADC A26C1726 372A27F5
C4D59A3B D0FF9CCF C92152CF 5948B24F ECB8428A C4F89D75 F23C0546 B392B689
9F45C8DE 022879
quit
dot11 syslog
!
!
ip cef
no ip domain lookup
ip domain name oj.local
!
!
!
Usernames hidden!
!
! IKE phase 1 policy offered to the VPN clients.
crypto isakmp policy 3
! NOTE(review): 3DES with DH group 2 (1024-bit MODP) is a legacy suite.
! Where the image and the VPN client allow it, offer an AES policy with a
! larger DH group at a lower policy number so it is preferred.
encr 3des
authentication pre-share
group 2
!
! Easy VPN client group: settings pushed to software clients at connect time.
crypto isakmp client configuration group xxxxxxxxxxxxx
! Group pre-shared key (redacted by the poster). Every client in the group
! shares it, so the per-user login (client authentication list on the
! crypto map) is what ties a session to a person.
key xxxxxxxxxxxxx
dns 192.168.0.26
pool vpnpool
! acl 151 is the split-tunnel list: it tells the client which destinations go
! through the tunnel. As posted, 151 ends in "permit ip any any", so the
! list no longer describes just the 192.168.0.0/24 LAN.
acl 151
include-local-lan
! NOTE(review): the configured domain is "oj.local"; "oj-local" here looks
! like a typo - confirm.
split-dns oj-local
max-users 5
!
!
! IPsec (phase 2) proposal and the dynamic crypto map used for remote clients.
! NOTE(review): esp-3des with esp-md5-hmac is a legacy pair; an AES transform
! with a SHA-based HMAC is the usual replacement where the client supports it.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
! User login (xauth) uses list "userauthen"; group lookup uses "groupauthor".
! The router answers client address (mode-config) requests.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
!
!
! Four point-to-point tunnels to remote sites (destinations redacted).
! NOTE(review): no "tunnel mode" or "tunnel protection" line is shown, and
! crypto map clientmap contains only the dynamic client entry, so as posted
! these appear to be plain GRE without encryption - confirm whether the
! transport is trusted or protected elsewhere.
interface Tunnel217
description Connected to xxxxxxxxxxxxx
ip address 192.168.217.54 255.255.255.252
keepalive 10 3
! NOTE(review): FastEthernet1 carries no address in this paste - verify
! that this tunnel's source is intended.
tunnel source FastEthernet1
tunnel destination xxxxxxxxxxxxx
!
interface Tunnel99
description Connected til xxxxxxxxxxxxx
ip address 192.168.200.201 255.255.255.252
ip tcp adjust-mss 1378
keepalive 10 3
tunnel source FastEthernet4
tunnel destination xxxxxxxxxxxxx
!
interface Tunnel34
description Connected to xxxxxxxxxxxxx
ip address 192.168.99.189 255.255.255.252
keepalive 10 3
tunnel source FastEthernet4
tunnel destination xxxxxxxxxxxxx
!
interface Tunnel100
description Connected to xxxxxxxxxxxxx
ip address 192.168.203.1 255.255.255.252
keepalive 10 3
tunnel source FastEthernet4
tunnel destination xxxxxxxxxxxxx
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Outside (ISP) interface: NAT outside; the client VPN crypto map is bound here.
interface FastEthernet4
description Connected to nianet
ip address xxxxxxxxxxxxx 255.255.255.248
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
crypto map clientmap
!
! Inside LAN interface: 192.168.0.1/24 plus a redacted secondary address.
interface Vlan1
description Connected to LAN
ip address xxxxxxxxxxxxx 255.255.255.224 secondary
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
! NOTE(review): the crypto map is also applied on the LAN side. Remote
! clients arrive on FastEthernet4; a second binding here is normally not
! needed and is worth removing while troubleshooting - confirm intent.
crypto map clientmap
!
! Address pool handed to VPN clients; it is a separate subnet from the
! 192.168.0.0/24 LAN, so NAT and ACLs must treat it explicitly.
ip local pool vpnpool 192.168.249.100 192.168.249.200
ip forward-protocol nd
! Default route via the ISP next hop (redacted); remote-site LANs are
! reached through the tunnel interfaces.
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxx
ip route 192.168.4.0 255.255.255.0 Tunnel99 name Borris
ip route 192.168.8.0 255.255.255.0 Tunnel100 name fano
ip route 192.168.33.0 255.255.255.0 Tunnel34 name kje
!
! Router web management and NAT rules.
! NOTE(review): plain HTTP management is enabled next to HTTPS, and
! access-class 23 ends in "permit any", so it does not restrict the source.
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! Inbound port forwards on the public interface: HTTPS, FTP, SMTP, and RDP
! (inside 3389 published on outside port 4024).
! NOTE(review): FTP and RDP are reachable from any Internet source here;
! now that a VPN exists, consider reaching them through the tunnel instead.
ip nat inside source static tcp 192.168.0.24 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.0.136 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.0.25 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.24 3389 interface FastEthernet4 4024
! NOTE(review): list 102 matches LAN traffic to any destination, including
! replies to VPN clients in 192.168.249.0/24. Outbound NAT is applied before
! encryption, so those replies are likely translated and miss the tunnel -
! a probable cause of the failed pings. The usual fix is a deny for
! LAN -> VPN pool ahead of the permit in 102.
ip nat inside source list 102 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.25 443 xxxxxxxxxxxxx 443 extendable
!
! ACL 23 is referenced by the vty lines and by the HTTP server.
access-list 23 permit 192.168.0.0 0.0.0.255
! NOTE(review): "permit any" makes the line above redundant and opens
! management access to every source address.
access-list 23 permit any
! ACL 102 selects traffic for NAT overload; it has no exemption for
! traffic towards the VPN pool 192.168.249.0/24.
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 151 remark VPN access
access-list 151 permit ip 192.168.0.0 0.0.0.255 any
! NOTE(review): this entry turns the split-tunnel list into match-everything;
! the preceding line alone describes the LAN.
access-list 151 permit ip any any
no cdp run
!
control-plane
!
!
! Console, aux and remote terminal lines.
line con 0
no modem enable
line aux 0
line vty 0 4
! NOTE(review): ACL 23 permits any source, sessions start at privilege 15,
! and Telnet (clear text) is accepted alongside SSH. Together this exposes
! privileged login to any network that can reach the router; restricting
! ACL 23 and using "transport input ssh" narrows it.
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end