- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- VPN tunnel up but can't see anything on the networ...
Switches, Hubs, and Modems
1753521
Members
5107
Online
108795
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-10-2008 11:39 AM
тАО07-10-2008 11:39 AM
VPN tunnel up but can't see anything on the network
I have a 7203dl, SROS J08.03, ROM J06.06. I've follow the instructions in 3 different documents to setup an IPSec VPN in tunnel mode. My eth 0/1 is 10.1.0.1/16. The tunnel uses an ip range of 10.100.100.1 - 10.100.100.255. I push two internal DNS's, 10.1.0.37 & 10.1.0.38 to the client.
When the tunnel comes up, I can see in the log viewer that my client gets assigned 10.100.100.1 as it's address and receives the two dns's. At this point, I can ping the router at 10.1.0.1 but that's it. I can't ping either of the dns's, 10.1.0.37 or 38, nor can I ping any other resource on the 10.1.0.0/16 network. Why is this so? I was under the impression that this tunnel would basically work as an extension of my network. This doesn't seem to be the case at all. Can anyone shed some insight?
When the tunnel comes up, I can see in the log viewer that my client gets assigned 10.100.100.1 as it's address and receives the two dns's. At this point, I can ping the router at 10.1.0.1 but that's it. I can't ping either of the dns's, 10.1.0.37 or 38, nor can I ping any other resource on the 10.1.0.0/16 network. Why is this so? I was under the impression that this tunnel would basically work as an extension of my network. This doesn't seem to be the case at all. Can anyone shed some insight?
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2008 03:32 AM
тАО07-11-2008 03:32 AM
Re: VPN tunnel up but can't see anything on the network
offcourse first the packets need to be received by this router. is this the default-gateway of the DNS's?
after setting up the tunnel, the system needs to know what packets may be sent over this tunnel,called "interesting trafffic".
please check subnetmasks used!
if both "10.1" and "10.100" fall within the same network (subnet). the router will see no need to pick up the packets: all traffic is local and need not be routed!
do a show access-list and show crypto-map to find out if there is traffic "interresting" to send over the tunnel.
if you specify "log" in the accesslist
>>> ip access-list extended
>>>corporate_traffic
>>>permit ip 10.10.10.0 0.0.0.255 any log
>>> deny ip any any log
it may help to track whats packets are allowed or not.
after setting up the tunnel, the system needs to know what packets may be sent over this tunnel,called "interesting trafffic".
please check subnetmasks used!
if both "10.1" and "10.100" fall within the same network (subnet). the router will see no need to pick up the packets: all traffic is local and need not be routed!
do a show access-list and show crypto-map to find out if there is traffic "interresting" to send over the tunnel.
if you specify "log" in the accesslist
>>> ip access-list extended
>>>corporate_traffic
>>>permit ip 10.10.10.0 0.0.0.255 any log
>>> deny ip any any log
it may help to track whats packets are allowed or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2008 06:06 AM
тАО07-11-2008 06:06 AM
Re: VPN tunnel up but can't see anything on the network
I thought this was the default gateway for the DNS's but it turned out not to be so. I've changed them to use it. We'll see what differences that makes.
I've attached a copy of the crypto portion of my config file for you to look at.
I've attached a copy of the crypto portion of my config file for you to look at.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-18-2008 09:17 AM
тАО07-18-2008 09:17 AM
Re: VPN tunnel up but can't see anything on the network
I finally got this working by using a virtual adapter. This is exactly the opposite of how the VPN doc has you setup the client for mode config but it's the only way I got it to work.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP