Routing - ping A-B, can't ping B-A

Hi,
First time setting up routing on real equipment, and can't seem to get it right. Equipment is:
1. 5500 (CatOS 4.3, IOS 11.3) (old equipment, not under maintenance, being thrown into the battle due to a new building that has to open, and the Cisco equipment order got hung up in contract negotiations and won't be here in time for the building opening...)
2. 3620 (IOS 12.1)
3. Two workstations.
Connections are:
ws1 (10.70.5.100) -> 5500, 3/1.
ws2 (10.70.1.100) -> 5500, 3/2.
3620, Fa0/1 (10.70.200.2) -> 5500, 3/24.
On ws2, I can ping 3620.
Also on ws2, I can telnet to 3620.
On 3620, in the telnet session from ws2, I can NOT ping ws2. (Can't ping ws2 from 3620 in a terminal session either.)
On 5500, in terminal session with switch (CatOS), can ping 10.70.1.1, 10.70.1.250, 10.70.5.1, 10.70.200.1 (those 4 are various switch interfaces), and can ping 10.70.200.2 (3620 Fa0/1). Can NOT ping ws1, ws2.
On 5500, terminal session with MSFC, can ping all switch interfaces. Can NOT ping ws1, ws2.
On 3620, terminal session, can ping all switch interfaces. Can NOT ping ws2, ws1.
Ws1 can NOT ping ws2. And ws2 can NOT ping ws1.
Configs attached. (The 3620 config, and the MSFC config also have "sh ip route" output at the bottom of the files.)
Could someone tell me what I'm doing wrong? (BTW - I'm pretty sure I've got the default-routes and gateway of last resort mucked up, but that wouldn't explain the above, since all subnets above are routes in ospf, right?)
TIA...

Linnea
I have a theory about part of your problem and some observations which might help. I suspect that the problem with pinging TO the workstations may be that they are running a private firewall which blocks ping.
Your message is explicit that ws2 can ping and telnet to the 3620 but does not say whether ws1 can access anything. If ws1 can not access other resources then I would check to see if its default gateway is set.
I note that the MSFC has configured a static default route and that it does show up in the routing table. That is good. I note that the 3620 has configured a static default route but that it does not show up in the routing table. That is not good. I believe the reason for that is that the default route specifies a next hop of 10.0.70.1 which is out interface FastEthernet0/0. But it looks like FastEthernet is in protocol down state - the interface does not show up in the routing table - and so the default route does not work. If you fix the problem with the interface the default route will probably work.
I also note that the 3620 defines a default-gateway and defines a default route. This is not necessarily bad but I want to be sure that you understand what this is doing. Default route and default gateway are two very different things. Default route is used when the 3620 is acting as a router and is forwarding packets. Default gateway would be used when the 3620 is acting as an IP host (but not as a router). The default gateway here is just the same as default gateway on a PC. There are a couple of circumstances where the 3620 may use the default gateway: if you configure "no ip routing" which would make the 3620 into a bridge, or if the 3620 boots into rxboot mode.
HTH
Rick
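To illustrate Rick's point about the missing default route, here is an added example (not from the thread or from any of the posters) that models how a router only installs a static or OSPF route when its next hop is reachable through a connected interface that is up. The 3620's Fa0/0 subnet, the MSFC neighbour address and the OSPF-learned prefixes are assumptions built from the thread, not the poster's real config.

```python
"""Why a static default route can be missing from "sh ip route".

Constructed model (not the poster's config): a router installs a static or
dynamic route only when its next hop is reachable through a connected
subnet whose interface is up.  The 3620's default route points at 10.0.70.1
out FastEthernet0/0, so while Fa0/0 is protocol-down the route never
appears, and off-net destinations get "no route".
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


@dataclass
class Interface:
    name: str
    network: IPv4Net   # directly connected subnet
    up: bool           # line protocol state


@dataclass
class Route:
    prefix: IPv4Net
    next_hop: IPv4Addr
    source: str        # "S" static, "O" OSPF (display only)


def build_rib(interfaces: List[Interface], routes: List[Route]) -> Dict[IPv4Net, str]:
    """Return the installed table as {prefix: outgoing interface name}.

    Connected routes exist only for interfaces that are up.  Every other
    route must resolve its next hop to one of those connected subnets;
    if it cannot, it is left out of the table.  (Simplification: real IOS
    resolves next hops recursively; this model resolves one level, against
    connected routes only.)
    """
    connected = {i.network: i.name for i in interfaces if i.up}
    rib: Dict[IPv4Net, str] = dict(connected)
    for r in routes:
        for net, iface in connected.items():
            if r.next_hop in net:
                rib[r.prefix] = iface
                break  # next hop resolved; route is installed
    return rib


def lookup(rib: Dict[IPv4Net, str], dst: str) -> Optional[str]:
    """Longest-prefix match for dst; None means 'no route to host'."""
    addr = IPv4Addr(dst)
    best: Optional[IPv4Net] = None
    for net in rib:
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return rib[best] if best is not None else None


def show_ip_route(rib: Dict[IPv4Net, str]) -> List[str]:
    """Render the table as 'prefix via interface' lines, most specific first."""
    return [f"{net} via {iface}" for net, iface in
            sorted(rib.items(), key=lambda kv: -kv[0].prefixlen)]


def router_3620(fa0_0_up: bool) -> Dict[IPv4Net, str]:
    """The thread's 3620.  Fa0/0's subnet (10.0.70.0/24) is an assumption;
    the workstation subnets are the OSPF-learned routes the poster mentions."""
    interfaces = [
        Interface("FastEthernet0/0", IPv4Net("10.0.70.0/24"), fa0_0_up),
        Interface("FastEthernet0/1", IPv4Net("10.70.200.0/24"), True),
    ]
    routes = [
        # ip route 0.0.0.0 0.0.0.0 10.0.70.1 -- next hop lives on Fa0/0
        Route(IPv4Net("0.0.0.0/0"), IPv4Addr("10.0.70.1"), "S"),
        # learned via OSPF from the MSFC at 10.70.200.1 (assumed neighbour)
        Route(IPv4Net("10.70.1.0/24"), IPv4Addr("10.70.200.1"), "O"),
        Route(IPv4Net("10.70.5.0/24"), IPv4Addr("10.70.200.1"), "O"),
    ]
    return build_rib(interfaces, routes)


if __name__ == "__main__":
    for up in (False, True):
        print(f"--- FastEthernet0/0 line protocol {'up' if up else 'down'} ---")
        for line in show_ip_route(router_3620(up)):
            print("  " + line)
        print("  8.8.8.8 ->", lookup(router_3620(up), "8.8.8.8"))
```

Running it shows the workstation subnets present in both states, but the 0.0.0.0/0 entry only once Fa0/0 comes up, which matches what Rick describes seeing in the 3620's routing table.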

Similar Messages

  • I can't connect to my router wirelessly but I can connect...

    I can't connect to my router wirelessly but I can connect directly. Is there anything I can do about this?

    Does the wired computer get an IP address from the router? Check whether it pings the router's IP address (default IP address - 192.168.1.1).

  • I have an iMac with a built-in AirPort Extreme card. Does the iMac act as a wireless router so that I can connect to the internet from my iPad by tethering through my iMac?

    Depends which iMac exactly and your network setup. You can go into System Preferences and under the Sharing pane you can enable Internet Sharing from Ethernet (or wherever you get your internet from) to Wi-Fi.

  • My mac can't connect to belkin router?  My mac can connect but I still can't surf the net? Help Please... This is my first time to use mac and belkin.

    Is it Wireless you're trying to connect with?
    Which Mac?
    So we know more about it...
    At the Apple icon at top left > About this Mac, then click on More Info, then click on Hardware, and report this up to but not including the Serial #...
    Hardware Overview:
    Model Name: iMac
    Model Identifier: iMac7,1
    Processor Name: Intel Core 2 Duo
    Processor Speed: 2.4 GHz
    Number Of Processors: 1
    Total Number Of Cores: 2
    L2 Cache: 4 MB
    Memory: 6 GB
    Bus Speed: 800 MHz
    Boot ROM Version: IM71.007A.B03
    SMC Version (system): 1.21f4

  • My pc is down and I'm trying to put a wep for this router so no one can use my internet but me. Is there anyway I can set a password with an iPad as I don't have a desktop or laptop?

    My pc is down and I'm trying to put a wep for this router so no one can use my internet but me. Is there anyway I can set a password with an iPad as I don't have a desktop or a laptop. Please help.

    The AirPorts, unlike routers provided by other manufacturers, do not provide a web-based administration interface ... so the PS3 or any browser would not work.

  • New Netgear Router and now I can't get a wireless connection for my K5400 printer.

    I got a new Netgear Router and now I can't get a wireless connection on my Officejet Pro K5400 printer. Anyone know what I can do to fix this. Using Windows XP

    On the printer: Setup > Network > Restore Defaults.  From the same Network menu, run the Wireless Setup Wizard.
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP

  • Help! Router repartitioned my drive, can't see my data!

    I think I've lost about a TB worth of data. I'm rebuilding a computer and had my hard drive, a Western Digital Caviar Black WD1001FALS 1TB, in an external enclosure so that I could access files from it until I could move them to a new drive. I just happened to hook the drive up to the USB port on my new Linksys EA3500 router and now I can't see anything. I believe the process of plugging the drive in allowed the router to mess with the partition table of my drive. Before, when things worked, I saw three logical drives: one of about 50-75 MB of reserved space, one of about 80 GB that was my original system drive, and one of about 920 GB that was my main data drive. All of these were NTFS. Now when I look at the drive, all I see is one FAT32 drive of about 71 MB.
    If I look at the drive under Computer Management, Storage, Disk Management, I see the drive is made up of a 71 MB FAT 32 Primary Partition and a 932 GB Unallocated partition.
    Am I totally screwed? Is my data still there and is there any way for me to access it or any utilities I can use to get to my data in this unallocated partition? What the heck did this thing do to my drive without permission?!
    Help! Any assistance would be greatly appreciated. Much thanks in advance.
    - Byron Followell

    Yes, I did, and no, I could not see any of my files.
    Luckily I purchased recovery software, GetDataBack, many years ago. I downloaded the current version for NTFS and after several hours of scanning, am able to view most of my data from within the program but I can see nothing directly from Windows. I have a couple of days of very inconvenient and very time-consuming recovery ahead of me.
    Hopefully I will be able to get most, if not all, of my files back.
    Now my concern is, what the heck did my router do to my drive that caused this in the first place? Even if it wasn't compatible, how could it just repartition/corrupt my drive this way?
    - Byron

  • I am setting up a used Airport Express. It works fine with my computer for internet connection. Now I am setting it up for Tivo connection. They ask for a Gateway router number.  Where can I find this number?

    I am setting up a used Airport Express.  It works fine and my computer can get on the internet with no problems.
    I want to enable my Tivo box to connect to this wifi net, Tivo asks for a Gateway Router number. Where can I find this number?

    The "gateway" number for your AirPort Express, by default, is 10.0.1.1

  • HT1515 do you need to connect the airport express to a router via ethernet or can it do it using wireless?

    do you need to connect the airport express to a router via ethernet or can it do it using wireless?

    There are 3 Apple routers....AirPort Express, AirPort Extreme and Time Capsule. Details here:
    http://www.apple.com/compare-wifi-models/
    Do you have one of these products in the living room? 
    If no, you can only use the AirPort Express by connecting to the router in the living room using an Ethernet cable at all times.

  • HT4628 My WiFi speed on my iMac is .93Mbs even though phone engineers recently checked the speed to the router at 6.1Mbs. Is my router knackered? How can I check?

    My WiFi speed is .93Mbs even though phone engineers have just measured the speed to my router at 6.1Mps. Is the router knackered? How can I check?

    Just to close out ... the 'supervisor' was clueless as it turns out.  Apple does NOT have a deal with UPS on handling the Mini, so the person who gave me the info was wrong.  Did he call back?  No ... he just let me go out and find out myself.
    So I called again, and this time eventually ended up with a manager, who told me that the UPS Store thing wouldn't work, but that a box would arrive and then there would be a 'forced replacement'.
    About 10 minutes later he called back and said he discovered that EVERYTHING the supervisor did was wrong ... he didn't actually properly flag for auto-replace, so I would have gone through an identical cycle again!  So he had to restart the whole process, meaning I would get TWO 'coffins', but that I would then get an auto-replacement and would see that indicated in my support email.
    I got the email, saw 'auto-replace'.  Got the box on the 28th and immediately turned it around.  Apple got the box on the 31st, and on the 1st I got emails that my Mini would arrive on the 2nd and it also had the new serial #.
    Yesterday I grab the box from FedEx and go home to check it out.  As expected, it IMMEDIATELY worked on my WiFi without issue ... and has worked perfectly since.
    So ...
    - it was NOT my home network.
    - it WAS a hardware issue with the Mini
    - Apple does NOT do proper testing on the Mini to detect what appears to be a fairly common issue.
    - non-retail customers ARE treated as second-class by support.
    This issue took FOUR WEEKS to resolve, involved FOUR shipments back & forth, and the ONLY reason it got resolved was that *I* did the troubleshooting that Apple either would not or could not do.
    For someone who has been an Apple customer for more than 30 years, this has been a sobering experience ... I quite frankly expected much better from them.

  • E3200 - do not upgrade firmware - storage no longer works and router ping goes to 1000 ms

    I upgraded my firmware because I was having a lot of stability problems with the router.
    Unfortunately it got worse with the firmware upgrade.  There were two symptoms:
    1. the router no longer recognizes the usb attached hard drive / storage
    2. the throughput on the router and ping statistics are terrible unless you unplug the usb attached device (which it can't recognize any more anyway).
    If I were able to roll back the firmware I definitely would.
    I have had around 5 routers over the past 10 years and this is definitely the worst.  Constantly needs restarting, and doesn't work as advertised.

    First of all, you mentioned in your post that you have already upgraded the firmware. So after firmware upgrade did you reset the gateway? It is recommended to reset the gateway once. Steps to reset the router:
    Push the reset button on router for 30 seconds, turn off the router wait for 30 seconds and then power it on. Power light should blink when you perform the reset process.
    After reset, reconfigure the router and then check the connectivity status of the storage.

  • Vista sp2 does not respond to router ping

    Hi all,
    I was trying to open a few ports for an old game when I noticed that my laptop is silent to pinging from WAN, from router, from a Mac that I have in the LAN, or from peers on Hamachi. The laptop pings both the router and the Mac successfully, as well as addresses
    outside LAN. The router responds while pinged from outside LAN.
    First guess would be firewall, so I turned off windows firewall (no third-party firewall, only Avast anti-malware), but nothing changed.
    All the network discovery options, shared access, etc are on. I tested the ping with both the static (say, 192.168.0.5, with the DHCP local range starting at 10) and dynamic local IP for the laptop. All that said, internet access is fine.
    After looking up this kind of question, I also set the registry keys LmCompatibilityLevel=1, RestrictAnonymous=0, RestrictAnonymoussam=0. Didn't change the ping results.
    What do you think might be making it invisible? Did I miss anything?

    I believe the recent versions of the ACS have the Cisco CSA agent enabled which denies ping requests. You can turn it off but I can't remember exactly how.

  • Gateway disfuncions - pinging router, pinging provider's DNS

    My WRT54GL v1.1 router gateway is connected to the modem. Modem gets him an out IP address given by the internet provider, and then I have a local home network with standard 192.168.1.X address for my computers (hosts). And my notebook is in the same room as the gateway. This is what started happening few weeks ago...
    When I have access to the Internet everything is ok. BUT, sometimes I don't have it so I tested pinging. This is what happens:
    - by wireless I pinged my router address 192.168.1.1 and the results were cca 45% of packet loss (of 1000 pings)!!! And the connection was stated Excellent and it was never broken (it's always excellent). So I tried with a wire connection to the LAN ports and the loss was around 5% (of 100 pings). It's not good, it should be 0! Time is around 1ms.
    - but then, a few minutes later (and the distance and surroundings are the same) pinging to the gateway was loss-less, meaning it was 0%. Great! Even with the wire and by wireless. BUT now pinging to the provider's DNS server was a disaster with 47% of packet loss!
    - so I connected my notebook directly to the modem (provider's network) and I tested pinging the DNS server and it was loss-less, with 0% packet loss.
    It happens now and then, in the few days back more usual than the weeks before. And it is original and less than a year "old". It's on power 24/7. Restarting didn't help, the firmware upgrade didn't help, and I don't know what else to try or to do. It has the latest firmware version, there is only one wireless home network near but its signal is low and it shouldn't make the problem. The notebook's network cards work with no problems on the other networks. And there is no one connected to the router but me (only my MAC address is seen...)
    I need useful advice and help. Thanx!
    d-_-b

    I did a factory reset (again) and did a firmware upgrade, but this time I didn't upload the same configuration file as before - I did a new configuration. And now it works, partially - the PC in the other room has a wireless connection and the internet connection, while the notebook near the router doesn't, but the wire connection works. I did a change in the security key, I matched it with the profile (new, because I deleted the last one) on the notebook - but it still can't get an IP address from the DHCP. But I'll do some research about solving that problem. There is a chance that the whole thing will break down again soon, because even before it was working for some time but then it crashed down again... Thanx again, I partially did what you've suggested.
    d-_-b

  • WRT54G3G-ST router - no internet connection - can't reset router

    Hello.  Definite longer story definitely not short (I apologize for the rambling length...  I don't know what is and isn't important, so scan at will, please...  I am sorry...):  Recently my computer (Dell XPS 400, Windows XP Service Pack 3, Internet Explorer 7 with phishing filter and pop-up blocker on, SiteAdvisor, up-to-date McAfee Virus Scanner and Firewall, and a Linksys Wireless-G WRT54G3G-ST router with its power adapter plugged into the wall electrical outlet and a network cable from it directly connected to my computer.) got a drive-by Generic.dx trojan without me downloading anything from one of the few sites I visit daily.  My internet connection crawled, and I now have no connection at all. 
    I've been getting help from McAfee forums very helpful and quick good volunteers...  They recommended Malwarebytes Anti-Malware to me, which I downloaded from my second clean computer (a laptop) to my flash drive, then to my infected computer.  I ran it, tried updating it as recommended, and only then discovered the trojan killed my broadband entirely.  I scanned with it anyway, and it quickly found and removed/quarantined 11 Adware.MyWebSearch related files, but nothing else.  They then gave me a link to an offline updater patch file, and told me scan in safe mode until nothing else was found and check if it fixed my lack of broadband access.  Which I did, Malwarebytes found nothing else, but unfortunately I still had no broadband. 
    Next, they recommended WinsockXPFix.  Which I ran and it made all its registry changes OK, I rebooted as required but still no broadband unfortunately.  Did using WinsockXPFix make things worse for me with the registry changes it made?  I used its registry backup to save the pre-changed registry files prior to running.  Should I revert back since I still have no broadband connection?  The McAfee volunteers then kindly told me I needed to hard reset the router, though I've tried countless times with no fortune.  I'm at a definite loss as to what, if anything, I can do to hopefully get my broadband back, please... 
    It's very confusing with the numerous different variations to reset routers, and what I need to do for my router model (Variations:  Unplug this cable/adapter exactly where, or not; hold the reset button between 5-30 seconds; rebooting the computer, or not; waiting 1 or 2 minutes between various steps, or not - and for all of these at what exact point in the reset process.). 
    I reset it once before with the reset button, routers page at http://192.168.1.1, default admin password, then changed it for security, etc; but this time I can't get it to work.  I'm happy as can be to try again, to get a walk-through maybe, anything please...  When I go to http://192.168.1.1 now, or any other address, Internet Explorer gripes at me that I'm offline, which is annoyingly correct.  I don't have, and never had Zone Alarm, but disabling my McAfee Firewall doesn't help.  IPCONFIG at the Command Prompt gives me a Windows assigned address of 169.254.X.X 
    I was going to use the routers Setup Wizard CD to try to reset the router, and if that failed to try to get its firmware version number to maybe upgrade.  But I was going to ask here first for expert advice since I've read many things that can go wrong while upgrading firmware.  However, scanning the CD (Without running the CD.) McAfee found the virus W32/HLLP.Philis.ini in the file "D:\_desktop.ini" on the CD.  McAfee didn't delete the file, I don't know why. 
    I scanned my entire computer several times and no infections were reported.  I uploaded the file several times to both www.virustotal.com (39 online virus scanners), and virusscan.jotti.org (20 online virus scanners) and every time every virus scanner reported no possible infections.  Is my up-to-date McAfee virus scanner reporting a false positive and yet Jotti and Virustotal's 2 McAfee scanners report the file as probably clean?  Is "_desktop.ini" a legitimate Linksys file?  I found no information on Linksys/its forums about it.  My problems just keep multiplying...mentioning of more problems... 
    Finding that suspect file on the CD I decided to instead download the Setup Wizard from Linksys
    (Router product page:  http://www.linksysbycisco.com/US/en/support/WRT54G3G-ST/download
    Actual file:  http://downloads.linksysbycisco.com/downloads/WRT54G3G-ST_SetupWizard_4_2_06042008.zip)
    to my flash drive, then to my infected computer that is connected to the router.  I ran it (Downloaded file version: 4.2.0.007 - Original CD Setup Wizard version: 4.0 printed on CD front.) and it immediately gave 1 of 3 options:  Mobile Broadband Only, Broadband WAN Only, or Broadband WAN and Mobile Broadband.  I don't know what damage, if any, I caused by continuing. 
    It looked like it was trying to go through the entire router setup process.  I thought it would take me to some options to reset the router, as I've read in the User Guide and elsewhere - that was my understanding.  The setup process stopped at only 30% done "Router not found, please make sure the router is properly connected and try again."  How much overwriting of original router setup files did I do by continuing?  I'm entirely confused.  Doesn't the Wizard check if the router has been previously setup prior to setting it up again?  Did the version difference cause my router to not be detected by the Setup Wizard?  Did the Generic.dx trojan that killed my broadband trash my computer settings so bad that my router is undetectable/essentially not setup? 
    Update of sorts:  I tried one last time to reset the router, and I unplugged/plugged the network cable.  Doing that I still had no broadband on my main usage Dell XPS computer that's connected to the Linksys router.  However, my laptop, with Data Card in the router, was for the first time able to find the network - the constant connection and speed is brilliant, it's what it always has been on the laptop (Since the trojan/router problems, my laptop only had broadband with the Data Card in the laptop.).  Maybe the network cable simply wasn't re-connected properly/entirely during 1 of the many reset attempts, it indeed could also explain the downloaded Setup Wizard not being able to find the router/only getting 30% done. 
    Laptop Command Prompt IPCONFIG /ALL with Sprint Data Card inserted in laptop computer slot: 
    IP Address    = 174.158.XX.XXX (Sprint)
    Subnet Mask = 255.255.255.255
    DNS Servers = 68.28.90.91
                               68.28.82.91
    Laptop Command Prompt IPCONFIG /ALL with Sprint Data Card inserted in router: 
    IP Address    = 192.168.1.1XX
    Subnet Mask = 255.255.255.0
    Default Gateway = 192.168.1.1
    DHCP Server      = 192.168.1.1
    DNS Servers      = 192.168.1.1
    Since my laptop started working with the Data Card in the router I haven't tried again to reset the router, nor have I tried the downloaded Setup Wizard.  I don't want to mess anything up further than I have(?) / the trojan has, and I need some expert advice, please, as to which of the 2 if either I should do (first?).  On my laptop computer only, typing http://192.168.1.1 in Internet Explorer gets the pop-up for username and password, but I haven't proceeded.  I've read you shouldn't reset the router and/or(? Is it both or just 1 please?) upgrade the firmware unless the computer is directly connected to the router - which my laptop is not.  On my other computer that still has no broadband, Internet Explorer still tells me I'm offline when typing http://192.168.1.1 into it.  My IP Address on it is still a Windows assigned 169.254.X.X and a Command Prompt PING 192.168.1.1 returns with "Destination host unreachable.", as it always has and same with all other addresses (Except for 169.254.X.X). 
    Annoying 2nd "update" of sorts, apologies for length, as always:  I've been so focused on the trojan/broadband killing that I've cluelessly largely forgot that I have dial-up with AOL.  Trying AOL dial-up also does not work, the insanity thickens...  AOL software tells me to check my connection, but all phone cords are plugged in as should be.  I plugged a phone directly into the wall outlet and I get a dial tone, I can call out OK, and the phone rings and gets calls OK.  Device Manager-Modems-Properties-Device Status says the modem is working properly, and Resources Tab shows no conflicts.  Diagnostics Tab's Query Modem looks OK to me, as does the log, but as always I'm definitely no expert.  I didn't change any settings anywhere. 
    I have noticed off and on that checking IPCONFIG it says my IP Address is 192.168.1.100.  It lasts maybe a day (then goes back to 169.254.X.X), maybe longer, I don't know - I don't check that often to pin it down (Should I?).  During this time neither my broadband, nor my dial-up works.  I can PING 192.168.1.100, but nothing else.  I'm convinced the evil trojan killed both my broadband and dial-up - I've never had a problem with my Conexant D850 56K V.9x DFVc Modem prior.  Also, I'm not convinced the trojan is not still lurking everywhere on my computer, I think it is... 
    Any and all help in restoring my broadband/dial-up is greatly appreciated, please...  Thank you! 

    Hello.  It's been entirely too long since I've replied, I'm sorry.  There's no excuse, and it's terribly rude of me...  You took the time to read and reply to me, and I endlessly appreciate that indeed.  I apologize for my long delay, I'm sorry... 
    After I left my message I downloaded many virus/spyware scanners, etc. from my laptop onto my flash drive, then my other computer for some needed thorough deep scans.  One that I downloaded was Network Magic, which somehow, someway fixed both my broadband/dial-up internet on my main computer that's connected to the WRT54G3G-ST router.  I don't know what/how it repaired my connection, but the broadband connection/speed has been working brilliantly since...  Network Magic worked for me, and I highly recommend it to everyone who has stubborn complete lack of internet problems (caused by trojans at that) as I did.  There's no guarantee it'll work, but it did for me to my amazement. 
    Network Magic, as is Linksys, is owned by parent company Cisco.  Respectfully to all the good knowledgeable experts here (Which clearly I am not.), I don't want to tread out of my bounds.  I'm simply trying hopefully to be helpful and save some headaches for both you the volunteers and the users...buying a new router and/or computer was on my mind, with all due respect I recommend suggesting to try Network Magic to users if resetting the router/all else fails, please.  I did use WinsockXPFix/WinsockFix utility prior to using Network Magic, I don't know if that matters. 
    I also upgraded my McAfee package, I installed over my old software instead of uninstalling first, which caused errors in the virus scanner of all critically needed things.  I have it installed properly now, but it did cause quite a delay in re-focus of my time.  Some of the virus scans also found many trojans, some were the same/in the same folders that killed my broadband - which stopped me in my tracks to insure uninfected cleaning. 
    That definitely doesn't entirely explain the long lapse of time, and I apologize for that, again.  It's just that I'm trying to be cautious and slow in all this.  To answer the first very good idea you made:  Unfortunately, there's no place on my other computer to plug the router in to, which all the more so caused frustration (at the time).  I forgot to include this in my novel length post of countless things to check/remember...  It was a brilliant idea though, thank you... 
    I thank you for your time and help, I do sincerely appreciate it...  Thank you...  I think, and hope this matter is solved.  It seems to be, the router is working perfectly as it always has, and I'm positively happy as can be about it.  Thank you...  Peace... 

  • VPN Client can't reach router or hosts, but can reach other connected sites.

    We have a VPN client configuration on a 2901 router. The client passes authentication and connects fine. When connected, cannot reach the 2901 or any devices directly behind it, BUT can reach routers and hosts that are connected to the same 2901 through site to site connections.
    Few notes:
    I have added some lines excluding NAT in a few different ways, but does not resolve.
    I have switched the RAP pool from 10.96.20.x to 172.21.20.x and can then connect to the local host. Appears to be a routing issue to the 10.x network, but I can't seem to find the solution.
    Any help would be greatly appreciated. Here is the config:
    boot-start-marker
    boot system flash
    boot system flash:c2900-universalk9-mz.SPA.153-2.T.bin
    no ip domain lookup
    ip inspect log drop-pkt
    ip inspect name FIREWALL tcp
    ip inspect name FIREWALL udp
    ip inspect name FIREWALL ftp
    ip inspect name FIREWALL fragment maximum 256 timeout 1
    ip inspect name FIREWALL ntp
    ip inspect name FIREWALL pptp
    ip inspect name FIREWALL dns
    ip inspect name FIREWALL l2tp
    ip inspect name FIREWALL pop3
    ip inspect name FIREWALL icmp router-traffic
    no ipv6 cef
    crypto isakmp policy 1
    encr aes
    authentication pre-share
    group 2
    crypto isakmp policy 5
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp policy 95
    authentication pre-share
    group 2
    crypto isakmp policy 99
    hash md5
    authentication pre-share
    group 2
    crypto isakmp policy 110
    hash md5
    authentication pre-share
    crypto isakmp client configuration group VPN-RAS
    key *********
    dns 10.96.17.2 10.1.200.50
    wins 10.96.17.2 10.1.200.50
    domain mine.com
    pool RAPOOL
    acl SPLIT
    save-password
    split-dns mind.com
    netmask 255.255.255.0
    crypto isakmp profile USERS
       match identity group VPN-RAS
       client authentication list DOMAIN
       isakmp authorization list VPN-RAS
       client configuration address respond
       keepalive 300 retry 5
    crypto ipsec transform-set AES128 esp-aes esp-sha-hmac
    mode tunnel
    crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
    mode tunnel
    crypto ipsec transform-set DES esp-des esp-md5-hmac
    mode tunnel
    crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
    mode tunnel
    crypto ipsec transform-set DES-SHA esp-des esp-sha-hmac
    mode tunnel
    crypto ipsec transform-set myset esp-3des esp-sha-hmac
    mode tunnel
    crypto dynamic-map dynmap 1
    set transform-set AES128
    set isakmp-profile USERS
    crypto map COMPANY_VPN 10 ipsec-isakmp
    set peer *******
    set transform-set 3DES-MD5
    match address PA-VPN
    qos pre-classify
    crypto map COMPANY_VPN 50 ipsec-isakmp
    set peer ******
    set transform-set AES128
    match address VPN
    qos pre-classify
    crypto map COMPANY_VPN 999 ipsec-isakmp dynamic dynmap
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    interface GigabitEthernet0/0
    ip address 37.222.111.224 255.255.255.248
    ip access-group INBOUND in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip verify unicast reverse-path
    ip flow ingress
    ip flow egress
    ip nat outside
    ip inspect FIREWALL out
    ip virtual-reassembly in
    duplex auto
    speed auto
    no cdp enable
    no mop enabled
    crypto map COMPANY_VPN
    interface GigabitEthernet0/1
    no ip address
    ip flow ingress
    duplex auto
    speed auto
    interface GigabitEthernet0/1.17
    description LAN
    encapsulation dot1Q 17
    ip address 10.96.17.253 255.255.255.0
    ip access-group OUTBOUND in
    ip flow ingress
    ip flow egress
    ip nat inside
    ip virtual-reassembly in
    standby 0 ip 10.96.17.254
    standby 0 priority 110
    standby 0 preempt
    standby 0 track 1 decrement 20
    interface GigabitEthernet0/1.27
    description VOICE
    encapsulation dot1Q 27
    ip address 192.168.17.254 255.255.255.0
    ip access-group OUTBOUND in
    ip helper-address 10.96.17.2
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    h323-gateway voip bind srcaddr 192.168.17.254
    ip local pool RAPOOL 10.96.20.50 10.96.20.150
    ip forward-protocol nd
    ip nat inside source route-map NAT-POOL interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 37.222.111.223
    ip route 10.96.16.0 255.255.255.0 10.96.17.250
    ip route 172.22.1.0 255.255.255.0 10.96.17.250
    ip route 172.22.2.0 255.255.255.0 10.96.17.250
    ip route 172.22.3.0 255.255.255.0 10.96.17.250
    ip route 192.168.16.0 255.255.255.0 10.96.17.250
    ip access-list extended DMZ
    deny   ip any 10.0.0.0 0.255.255.255
    deny   ip any 192.168.0.0 0.0.255.255
    permit ip any any
    ip access-list extended GUEST
    deny   ip any 10.0.0.0 0.255.255.255
    deny   ip any 192.168.0.0 0.0.255.255
    permit ip any any
    ip access-list extended INBOUND
    deny   ip 80.25.124.0 0.0.0.255 any
    deny   ip 10.0.0.0 0.255.255.255 any
    deny   ip 172.16.0.0 0.15.255.255 any
    permit udp host 173.239.147.114 any eq isakmp
    permit esp host 173.239.147.114 any
    deny   ip 192.168.0.0 0.0.255.255 any
    permit udp any host 37.222.111.224 eq isakmp
    permit udp any host 37.222.111.224 eq non500-isakmp
    permit esp any host 37.222.111.224
    ip access-list extended NAT
    deny   ip 10.96.20.0 0.0.0.255 any
    deny   ip any 10.96.20.0 0.0.0.255
    permit ip 192.168.0.0 0.0.255.255 any
    permit ip 10.0.0.0 0.255.255.255 any
    ip access-list extended NONAT
    permit ip any 192.168.0.0 0.0.255.255
    permit ip any 10.0.0.0 0.255.255.255
    ip access-list extended OUTBOUND
    deny   udp any host 22.55.77.106 eq isakmp
    deny   udp any host 22.55.77.106 eq non500-isakmp
    deny   esp any host 22.55.77.106
    permit ip any any
    ip access-list extended PA-VPN
    permit ip 10.0.0.0 0.255.255.255 10.96.18.0 0.0.0.255
    permit ip 10.0.0.0 0.255.255.255 192.168.18.0 0.0.0.255
    permit ip 192.168.0.0 0.0.255.255 10.96.18.0 0.0.0.255
    permit ip 192.168.0.0 0.0.255.255 192.168.18.0 0.0.0.255
    ip access-list extended SPLIT
    permit ip 10.0.0.0 0.255.255.255 any
    permit ip 192.168.0.0 0.0.255.255 any
    ip access-list extended VPN
    permit ip 10.96.16.0 0.0.0.255 10.0.0.0 0.255.255.255
    permit ip 10.96.17.0 0.0.0.255 10.0.0.0 0.255.255.255
    permit ip 10.96.18.0 0.0.0.255 10.0.0.0 0.255.255.255
    permit ip 10.96.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    permit ip 10.96.0.0 0.0.255.255 10.0.0.0 0.255.255.255
    permit ip 192.168.16.0 0.0.0.255 192.168.0.0 0.0.255.255
    permit ip 192.168.17.0 0.0.0.255 192.168.0.0 0.0.255.255
    permit ip 192.168.18.0 0.0.0.255 192.168.0.0 0.0.255.255
    permit ip 192.168.17.0 0.0.0.255 10.0.0.0 0.255.255.255
    permit ip 192.168.18.0 0.0.0.255 10.0.0.0 0.255.255.255
    permit ip 172.22.0.0 0.0.255.255 10.0.0.0 0.255.255.255
    permit ip 172.22.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    route-map NAT-POOL deny 5
    match ip address NONAT
    route-map NAT-POOL permit 10
    match ip address NAT
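One check worth running against the posted 2901 config, added here as an example (not from the original poster): work out which entry of crypto map COMPANY_VPN claims the return traffic from a LAN host to a remote-access client, since IOS evaluates the static entries (seq 10 with PA-VPN, seq 50 with VPN) before the dynamic entry (seq 999). The ACL entries are copied from the config above; 10.96.17.2 is the DNS server address in the config, and the two client addresses are constructed from the posted pool ranges (10.96.20.x and 172.21.20.x).

```python
from ipaddress import IPv4Address

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a set bit in the wildcard means 'don't care'."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# 'permit ip' entries copied from the posted crypto ACLs: (src, src-wc, dst, dst-wc).
PA_VPN = [
    ("10.0.0.0", "0.255.255.255", "10.96.18.0", "0.0.0.255"),
    ("10.0.0.0", "0.255.255.255", "192.168.18.0", "0.0.0.255"),
    ("192.168.0.0", "0.0.255.255", "10.96.18.0", "0.0.0.255"),
    ("192.168.0.0", "0.0.255.255", "192.168.18.0", "0.0.0.255"),
]
VPN = [
    ("10.96.16.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
    ("10.96.17.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
    ("10.96.18.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
    ("10.96.0.0", "0.0.255.255", "192.168.0.0", "0.0.255.255"),
    ("10.96.0.0", "0.0.255.255", "10.0.0.0", "0.255.255.255"),
    ("192.168.16.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
    ("192.168.17.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
    ("192.168.18.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
    ("192.168.17.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
    ("192.168.18.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
    ("172.22.0.0", "0.0.255.255", "10.0.0.0", "0.255.255.255"),
    ("172.22.0.0", "0.0.255.255", "192.168.0.0", "0.0.255.255"),
]
# Static entries of crypto map COMPANY_VPN in sequence order; the dynamic
# entry (seq 999, dynmap) only sees traffic that no static entry claimed.
COMPANY_VPN = [(10, PA_VPN), (50, VPN)]
DYNAMIC_SEQ = 999

def acl_permits(acl, src, dst):
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in acl)

def crypto_map_seq(src, dst):
    """Sequence number of the crypto map entry that claims a src->dst flow."""
    for seq, acl in COMPANY_VPN:
        if acl_permits(acl, src, dst):
            return seq
    return DYNAMIC_SEQ

if __name__ == "__main__":
    # Return traffic from a LAN host to a client in each of the two pools discussed.
    for client in ("10.96.20.50", "172.21.20.50"):   # constructed pool addresses
        print("10.96.17.2 ->", client, "=> crypto map seq", crypto_map_seq("10.96.17.2", client))
```

A LAN-to-client flow with a 10.96.20.x client is claimed by seq 50 (the site-to-site VPN ACL), while the same flow to a 172.21.20.x client falls through to the dynamic entry, which matches the behaviour the poster observed when switching pools.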
