SITE A
- A Cisco router (877W), configured for incoming VPN IPSec client connections
- Some servers, in a 192.168.0.0/24 network
SITE B
- A Linux box with a physical NIC and a vpnc client (tun0/30.30.30.20, sent by the Cisco router of Site A), routing is enabled
- Some workstations, in a 192.168.1.0/24 network
The problem
While Site B can successfully access the servers of Site A with their LAN address, servers in Site A can only ping the Linux box with his VPN address. They are unable to access the workstations in the 192.168.1.0/24 LAN.
Cisco router configuration
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local dynpool
!
crypto isakmp client configuration group groupxxx
key xxxx
pool dynpool
acl 105
crypto isakmp profile ciscocp-ike-profile-1
match identity group groupxxx
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 30.30.30.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 105 permit ip 30.30.30.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 105 permit ip 192.168.0.0 0.0.0.255 30.30.30.0 0.0.0.255
Thanks by advance.
Best Answer
Add
on the cisco router and see if that works.
Edit:
And do you have any kind of NAT in the mix?