I have Cisco Easy VPN set up on a SR520 router with IOS Version 12.4(20)T6. The client computer is running Linux using vpnc 0.5.3.
After making a vpn connection, if I ping the router vlan ip from the client computer, the numbers increase shown by this command:
Router#show crypto ipsec sa
#pkts decaps: 25, #pkts decrypt: 25, #pkts verify: 25
I don't get a reply shown by the ping command either on the client or if I ping from the router to the client vpn assigned IP.
Here is the routing table on the Linux client computer after establishing the vpn.

$ netstat -r
Kernel IP routing table
Destination      Gateway      Genmask          Flags  MSS   Window  irtt  Iface
10.50.6.0        *            255.255.255.255  UH     0     0       0     tun0
sr520 public ip  192.168.1.2  255.255.255.255  UGH    1500  0       0     eth0
10.50.6.0        *            255.255.255.192  U      0     0       0     tun0
localnet         *            255.255.255.0    U      0     0       0     eth0
loopback         *            255.0.0.0        U      0     0       0     lo
default          192.168.1.2  0.0.0.0          UG     0     0       0     eth0

Here is the router config:
Current configuration : 2991 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname sr520
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 removed
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization network default local
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username removed privilege 15 secret 5 removed
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpn
 key removed
 pool dpool
 acl 107
crypto isakmp profile vi
 match identity group vpn
 isakmp authorization list default
 client configuration address respond
 client configuration group vpn
 virtual-template 1
!
!
crypto ipsec transform-set set esp-3des esp-sha-hmac
!
crypto ipsec profile vi
 set transform-set set
 set isakmp-profile vi
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback0
 no ip address
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description WAN via ADSL
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 switchport access vlan 75
!
interface FastEthernet1
 switchport access vlan 75
!
interface FastEthernet2
 switchport access vlan 75
!
interface FastEthernet3
 switchport access vlan 75
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vi
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan75
 ip address 10.50.6.14 255.255.255.192
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname removed
 ppp chap password 7 removed
 ppp pap sent-username removed password 7 removed
!
ip local pool dpool 10.50.6.15
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 permit tcp 10.50.6.16 0.0.0.192 any
access-list 107 permit ip host 10.50.6.0 any
!
Suspecting it may be a NAT issue, I tried removing this command:
ip nat inside source list 100 interface Dialer0 overload
but I still can't ping even without that.