VPN inside network - can't ping devices

Discussion in 'Cisco' started by Stepin, May 14, 2011.

  1. Stepin

    Hello,

    I need some help troubleshooting my very special configuration. I'm trying to build a VPN connection to progress with my Cisco knowledge.

    I have 1 Cisco switch 2940, and 1 router Cisco 1721.
    My Cisco 1721 only has 1 Ethernet port, making it harder to build everything.

    What I've done so far is create 3 VLANs and inter-VLAN routing with the help of the router. This works perfectly with the help of 3 sub-interfaces. That means all traffic comes in/out on the same port.

    Now I would like to test a VPN connection. Typically, you would connect one Ethernet port to the internet, and the other one to the private network.
    As I only have 1 Ethernet port, I need to try the VPN connection over one sub-interface.

    See the layout to understand.
    I have the Test PC with a static IP address, 172.10.10.3, and I'm able to make a VPN connection with RADIUS.
    But once I get connected, I'm often quickly disconnected (6 to 10 seconds), or sometimes it lasts ages.
    Anyway, when I'm connected, I can't ping any devices over my network.

    I tried to configure my routing tables from the TEST PC and was able to ping, but I don't think I was pinging over IPsec.

    My question is: with the layout attached, is it possible or not to accomplish what I want?

    The major problem is that I need to reach the router as if I were on the internet, and then access the network, but I'm already connected to the internal network with the cable, so I don't understand how it would be possible for the traffic to go:
    TEST PC ---> Switch VLAN 3 ---> ROUTER (172.10.10.1) --> IP POOL (10.33.100.1) ---> ROUTER ---> Switch VLAN 3 --> TEST PC

    And then :
    TEST PC - 10.33.100.1 (PING 10.33.0.2) --> 172.10.10.3 --> SWITCH VLAN3 --> ROUTER (172.10.10.1) ---> ROUTER (10.33.0.1) --> Switch VLAN 1 ---> SERVER
    And then come back to the TEST PC.

    As I can do the same thing without IPsec, I tried to set an access list to prevent traffic out of the router sub-interface 3 if it's not IPSECured, but it doesn't change anything.
    Thanks
    Stepin, May 14, 2011
    #1

  2. Stepin

    Up!
    Any thoughts, guys? Thanks
     
    Stepin, May 20, 2011
    #2