Question : EASY VPN CISCO

Hi,

I am trying to set up Easy VPN in a lab environment.

I have a 3640 (running under GNS3 on a Linux box) set up for Easy VPN, and the PC can form a VPN connection with it.

The IP addressing is as follows:

3640 external IP (E0/0) = 192.168.5.46
PC IP = 192.168.5.48
ADSL router IP = 192.168.5.254

as in the diagram below

 
 


The PC has the Cisco 5.x client with default settings.

So the connection forms fine, but when I ping 4.2.2.2 from the PC it fails. I put a trace on the PC VPN interface and I see a conversation 10.0.11.x (so it's picking up the IP address fine) direct to 4.2.2.2 ???

I expected to see an encrypted conversation between 192.168.5.46 and 192.168.5.48 carrying the encrypted conversation between 10.0.10.x and 4.2.2.2. So from what I can tell the packets are going direct rather than through the tunnel. Although the tunnel does show the packets are getting encrypted? (The count goes up on each ping.)

Any ideas what's going wrong and how to get this working? Config below

Cheers
 
Router config
 

Answer : EASY VPN CISCO

DevilWAH,
   Ack.  My bad.  Sorry...  Not enough coffee yet.

You need to use dynamic virtual tunnel interfaces (DVTIs) to do that so you can create an interface to NAT inside or outside to.

Here is a sample config:

http://cisco.biz/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/prod_white_paper0900aecd803645b5.html


BUT...  On closer inspection of your diagram, I have to agree with BitFreeze... you're on the same network and that won't work...  You either need to have a separate subnet for each leg or supersubnet the range.

Else, the router won't get the packet back because the modem and router both believe that the end host is on the same LAN.  Why route it if it's local?

-Cheers, Peter.
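
As an added illustration of the DVTI approach mentioned in the answer (not the poster's config and not taken from the linked white paper), here is a sketch of an Easy VPN server on IOS 12.4T that terminates clients on a virtual-template interface, marks it `ip nat inside`, and overloads tunnelled traffic onto E0/0. The names `LABGROUP`, `EZVPN-PROF`, `EZVPN-IPSEC`, `VPNPOOL`, the pool range and the bracketed secrets are assumptions; the addresses are the ones from the question, so the answer's point about separate subnets is not addressed here.

```cisco
! Constructed lab example: names, pool range and secrets are placeholders.
aaa new-model
aaa authentication login VPN-AUTHEN local
aaa authorization network VPN-AUTHOR local
username labuser secret <USER-PASSWORD-PLACEHOLDER>
!
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group name and key must match what is entered in the VPN client profile.
crypto isakmp client configuration group LABGROUP
 key <GROUP-KEY-PLACEHOLDER>
 pool VPNPOOL
!
! The ISAKMP profile ties the client group to Virtual-Template1 (the DVTI).
crypto isakmp profile EZVPN-PROF
 match identity group LABGROUP
 client authentication list VPN-AUTHEN
 isakmp authorization list VPN-AUTHOR
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set EZVPN-TS esp-aes 256 esp-sha-hmac
crypto ipsec profile EZVPN-IPSEC
 set transform-set EZVPN-TS
 set isakmp-profile EZVPN-PROF
!
interface Ethernet0/0
 ip address 192.168.5.46 255.255.255.0
 ip nat outside
!
! Each client gets a Virtual-Access interface cloned from this template,
! so decrypted client traffic arrives on a real "inside" interface for NAT.
interface Virtual-Template1 type tunnel
 ip unnumbered Ethernet0/0
 ip nat inside
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile EZVPN-IPSEC
!
ip local pool VPNPOOL 10.0.11.1 10.0.11.50
access-list 100 permit ip 10.0.11.0 0.0.0.255 any
ip nat inside source list 100 interface Ethernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.5.254
```

`show crypto session detail` and `show ip nat translations` on the router show whether a client's pings arrive through the tunnel and are being translated on the way out.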