Hi all,
I have connected a client to the server. The issue is that the server is not
routing the reply packet back to the client.
The address 20.0.0.6 is leased to the client. From the client, I ping 10.0.0.100.
The server gets the reply from 10.0.0.100 but doesn't send it into the
virtual-access.
What could be the issue?
R2#sh run
Building configuration...
Current configuration : 2093 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
!
aaa authentication login auth local
aaa authorization network auth local
!
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
ip domain name king.com
ip host server 10.0.0.100
!
multilink bundle-name authenticated
!
!
!
!
!
username cisco privilege 15 password 0 cisco123
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group ezvpn
key cisco
dns 136.1.23.2
pool addr
acl 123
crypto isakmp profile prof
match identity group ezvpn
client authentication list auth
isakmp authorization list auth
client configuration address respond
client configuration group ezvpn
virtual-template 2
!
!
crypto ipsec transform-set tran esp-3des esp-sha-hmac
!
crypto ipsec profile prof
set transform-set tran
set reverse-route tag 4
set isakmp-profile prof
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface Serial0/1
ip address 136.1.23.2 255.255.255.0
!
interface Virtual-Template1
no ip address
!
interface Virtual-Template2 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile prof
!
router eigrp 2
network 10.0.0.0 0.0.0.255
network 136.1.23.0 0.0.0.255
no auto-summary
!
ip local pool addr 20.0.0.4 20.0.0.6
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip dns server
!
access-list 123 permit ip 10.0.0.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous level 0 limit 20
line aux 0
exec-timeout 0 0
privilege level 15
line vty 0 4
password cisco
!
!
end
Rack1R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
136.1.0.0/24 is subnetted, 5 subnets
D EX 136.1.11.0 [170/21358848] via 136.1.23.3, 00:19:54, Serial0/1
C 136.1.23.0 is directly connected, Serial0/1
D 136.1.100.0 [90/2172416] via 136.1.23.3, 00:19:54, Serial0/1
D EX 136.1.121.0 [170/21358848] via 136.1.23.3, 00:19:54, Serial0/1
D 136.1.123.0 [90/2172416] via 136.1.23.3, 00:19:54, Serial0/1
20.0.0.0/32 is subnetted, 1 subnets
S 20.0.0.6 [1/0] via 0.0.0.0, Virtual-Access2
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 150.1.3.0/24 [90/2297856] via 136.1.23.3, 00:19:55, Serial0/1
D EX 150.1.1.1/32 [170/21358848] via 136.1.23.3, 00:19:55, Serial0/1
debug ip packet o/p on the IP EzVPN server
*May 25 02:44:36.785: IP: s=136.1.23.2 (local), d=224.0.0.10 (Serial0/1), len 60, sending broad/multicast
Rack1R2#
*May 25 02:44:39.434: IP: s=10.0.0.2 (local), d=224.0.0.10 (FastEthernet0/0), len 60, sending broad/multicast
*May 25 02:44:40.047: IP: tableid=0, s=10.0.0.100 (FastEthernet0/0), d=20.0.0.6 (Virtual-Access2), routed via RIB
*May 25 02:44:40.047: IP: s=10.0.0.100 (FastEthernet0/0), d=20.0.0.6 (Virtual-Access2), g=20.0.0.6, len 60, forward
*May 25 02:44:40.139: IP: s=136.1.23.3 (Serial0/1), d=224.0.0.10, len 60, rcvd 2
Rack1R2#
*May 25 02:44:41.325: IP: s=136.1.23.2 (local), d=224.0.0.10 (Serial0/1), len 60
R2#sh crypto ipsec sa
interface: Virtual-Access2
Crypto map tag: Virtual-Access2-head-0, local addr 136.1.23.2
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (20.0.0.6/255.255.255.255/0/0)
current_peer 136.1.100.200 port 1300
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
With regards
Kings
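
Added example, not part of the original post: the `sh crypto ipsec sa` output above shows 15 decaps and 0 encaps on Virtual-Access2, and this Python script parses that output format and flags SAs that have carried traffic in one direction only. The function names and the second SA in the sample (Virtual-Access3, with documentation-range addresses) are constructed for illustration.

```python
import re

# Constructed sample in the layout of `sh crypto ipsec sa`; the Virtual-Access3 SA is invented for contrast.
SAMPLE = """\
interface: Virtual-Access2
 remote ident (addr/mask/prot/port): (20.0.0.6/255.255.255.255/0/0)
 current_peer 136.1.100.200 port 1300
 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
 #pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15
 #send errors 0, #recv errors 0
interface: Virtual-Access3
 remote ident (addr/mask/prot/port): (192.0.2.7/255.255.255.255/0/0)
 current_peer 198.51.100.9 port 4500
 #pkts encaps: 42, #pkts encrypt: 42, #pkts digest: 42
 #pkts decaps: 40, #pkts decrypt: 40, #pkts verify: 40
"""

COUNTER = re.compile(r"#(pkts \w+|send errors|recv errors):? (\d+)")

def parse_sas(text):
    """Return one dict per 'remote ident' block: interface, remote, peer, counters."""
    sas, iface, cur = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("interface:"):
            iface = line.split(":", 1)[1].strip()
        elif line.startswith("remote ident"):
            cur = {"interface": iface, "remote": line.split("(")[-1].split("/")[0]}
            sas.append(cur)
        elif line.startswith("current_peer") and cur is not None:
            cur["peer"] = line.split()[1]
        elif line.startswith("#") and cur is not None:
            cur.update((name, int(val)) for name, val in COUNTER.findall(line))
    return sas

def direction(sa):
    enc, dec = sa.get("pkts encaps", 0), sa.get("pkts decaps", 0)
    if dec > 0 and enc == 0:
        return "inbound-only"   # peer's packets arrive, nothing is encrypted back
    if enc > 0 and dec == 0:
        return "outbound-only"
    return "idle" if enc == dec == 0 else "bidirectional"

def report(text):
    return [(sa["interface"], sa["remote"], direction(sa)) for sa in parse_sas(text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row)
```

An "inbound-only" result matches the symptom described in the post: the router decrypts the client's packets but encapsulates nothing toward it.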