Previous Topic

The IP-addresses of the VPN modem are not pinged

CiscoBeginner Posts 1 Registration date Friday November 1, 2024 Status Member Last seen November 1, 2024 - Updated on Nov 2, 2024 at 10:40 AM

Hello! An Internet modem is connected to the FastEthernet4 interface of the Cisco 881-SEC-K9 router, a VPN modem is connected to the FastEthernet1 interface, and an unmanaged LAN switch is connected to the FastEthernet0 interface. It is necessary to that the computer connected to the switch have the Internet and access certain resources via a VPN modem. The IP address of the Internet modem is 10.41.196.2 (DHCP is enabled on the modem), the VPN modem is 172.26.66.171. The Cisco configuration is as follows:

version 15.5
 
no service pad
 
service timestamps debug datetime localtime
 
service timestamps log datetime localtime
 
service password-encryption
 
!
 
hostname 881_Router
 
!
 
boot-start-marker
 
boot system flash:c880data-universalk9-mz.155-3.M10.bin
 
boot-end-marker
 
!
 
!
 
logging buffered 65536
 
enable secret 5 ******************************
 
!
 
aaa new-model
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
aaa session-id common
 
ethernet lmi ce
 
memory-size iomem 10
 
clock timezone EET 3 0

 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
 
 
 
 
ip port-map http port tcp from 1 to 65535  list 1
 
!
 
!
 
!
 
!
 
ip domain name *****************
 
ip inspect name CSM_INSPECT_1 http
 
ip cef
 
no ipv6 cef
 
!
 
!
 
multilink bundle-name authenticated
 
license udi pid CISCO881-SEC-K9 sn ***********
 
!
 
!
 
archive
 
 log config
 
  logging enable
 
  logging size 200
 
  hidekeys
 
object-group service RDP
 
 tcp eq 3389
 
!
 
username Admin_bez privilege 15 secret 5 ******************************
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
!
 
interface FastEthernet0
 
 description lan
 
 switchport access vlan 20
 
 no ip address
 
!
 
interface FastEthernet1
 
 description vpn
 
 switchport access vlan 30
 
 no ip address
 
!
 
interface FastEthernet2
 
 description lan
 
 switchport access vlan 20
 
 no ip address
 
!
 
interface FastEthernet3
 
 description lan
 
 switchport access vlan 20
 
 no ip address
 
!
 
interface FastEthernet4
 
 description WAN
 
 ip address dhcp client-id FastEthernet4
 
 ip nat outside
 
 ip virtual-reassembly in
 
 shutdown
 
 duplex auto
 
 speed auto
 
!
 
interface Vlan1
 
 no ip address
 
 no ip redirects
 
 no ip proxy-arp
 
 ip virtual-reassembly in
 
!
 
interface Vlan20
 
 description lan
 
 ip address 10.40.169.3 255.255.255.0
 
 ip access-group Inbound in
 
 ip access-group Outbound out
 
 ip nat inside
 
 ip virtual-reassembly in
 
!
 
interface Vlan30
 
 description vpn
 
 ip address 172.26.66.173 255.255.255.248
 
 ip access-group Inbound in
 
 ip nat outside
 
 ip virtual-reassembly in
 
!
 
ip forward-protocol nd
 
no ip http server
 
no ip http secure-server
 
!
 
!
 
ip dns server
 
ip nat inside source route-map RMAP_NAT_FastEthernet4 interface FastEthernet4 overload
 
ip route 10.96.16.0 255.255.255.0 172.26.66.169
 
ip route 10.128.217.12 255.255.255.255 172.26.66.169
 
ip route 10.254.11.31 255.255.255.255 172.26.66.169
 
ip route 81.30.80.63 255.255.255.255 172.26.66.169
 
ip route 172.26.0.0 255.255.0.0 172.26.66.169
 
ip route 172.30.1.242 255.255.255.255 172.26.66.169
 
ip route 192.168.110.0 255.255.255.0 172.26.66.169
 
ip route 192.168.120.0 255.255.255.0 172.26.66.169
 
ip route 192.168.144.0 255.255.240.0 172.26.66.169
 
ip route 192.168.201.0 255.255.255.0 172.26.66.169
 
ip route 0.0.0.0 0.0.0.0 dhcp
 
ip ssh version 2
 
!
 
ip access-list standard SNMP_ACCESS_RO
 
 permit 10.96.16.2
 
ip access-list standard admin
 
 permit 10.96.16.91
 
 permit 10.96.16.32
 
 permit 10.40.169.234
 
 permit 10.40.169.115
 
 deny   any log
 
!
 
ip access-list extended ACL_NAT
 
 permit ip 10.40.169.0 0.0.0.255 any
 
ip access-list extended Inbound
 
 permit icmp any any
 
 permit udp any any
 
 permit tcp any any
 
ip access-list extended Outbound
 
 permit icmp any any
 
 permit udp any any
 
 permit tcp any any
 
!
 
!
 
route-map RMAP_NAT_FastEthernet4 permit 10
 
 match ip address ACL_NAT
 
 match interface FastEthernet4
 
!
 
snmp-server community zabbix_mos_admin RO SNMP_ACL
 
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
 
snmp-server host 10.96.16.2 version 2c zabbix_mos_admin
 
!
 
!
 
!
 
control-plane
 
!
 
!
 
line con 0
 
 logging synchronous
 
 no modem enable
 
line aux 0
 
line vty 0 4
 
 access-class admin in
 
 exec-timeout 60 0
 
 password 7 **********************
 
 logging synchronous
 
 transport input ssh
 
!
 
ntp source Vlan30
 
ntp update-calendar
 
ntp server 10.96.16.2
 
!
 
end

There is Internet on the computers of the local network. The IP address 172.26.66.173 of the Vlan30 port bound to the FastEthernet1 interface to which the VPN modem is connected is pinged from the LAN computer (if the mask of the additional IP address of the computer 172.26.66.177 is  255.255.255.248, if the mask is 255.255.255.0, then no). The IP addresses of the 172.266.66.XXX network and the IP addresses specified in the Cisco "ip route" commands are pinged from the Cisco console. But all these addresses are not pinged from the LAN computer, only 172.266.66.173 (Vlan30 address). I tried to enable routing on my computer:

route ADD 10.128.217.12 255.255.255.255 172.26.66.173

Nothing has changed, the address 10.128.217.12 did not ping after that. Question: what should I do to make the IP addresses of the 172.26.66.xxx network and those specified in the "ip route" commands on Cisco "visible" from the computer?
Windows / Chrome 130.0.0.0

Related: