VPN works but cannot access local LAN...

Unanswered Question
Mar 25th, 2007

I have a Cisco VPN client connecting to a 1721 at the office. The client connects and I can access the office LAN but not the local LAN. I do have the box checked in the VPN client to allow local LAN access. Please help!

Thanks!

Matt

Here's the config:

Current configuration : 3901 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cerberus
!
boot system flash c1700-k9o3sy7-mz.122-11.T10.bin
aaa new-model
!
!
aaa group server radius RADIUS-SERVERS
 server 192.168.69.1 auth-port 1645 acct-port 1646
!
aaa authentication login LOGIN group RADIUS-SERVERS local
aaa authorization network NETGROUPAUTH local
aaa session-id common
!
username mattheff password 7 07572C4D5A011C034F
username mikeheff password 7 030952000307244A48
clock timezone CST -6
clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
!
!
ip domain name heffnet.net
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip dhcp excluded-address 192.168.69.1 192.168.69.99
ip dhcp excluded-address 192.168.69.111 192.168.69.254
!
ip dhcp pool HEFFNET_LAN_POOL_1
 network 192.168.69.0 255.255.255.0
 default-router 192.168.69.254
 dns-server 68.94.156.1 68.94.157.1
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPNGROUP
 key 8mathef8
 dns 68.94.156.1 68.94.157.1
 domain heffnet.net
 pool VPN_CLIENT_POOL
 acl 102
!
!
crypto ipsec transform-set VPNSET1 esp-3des esp-sha-hmac
!
crypto dynamic-map DYNMAP 10
 set transform-set VPNSET1
!
!
crypto map VPNCLIENTMAP client authentication list LOGIN
crypto map VPNCLIENTMAP isakmp authorization list NETGROUPAUTH
crypto map VPNCLIENTMAP client configuration address respond
crypto map VPNCLIENTMAP 10 ipsec-isakmp dynamic DYNMAP
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.252
!
interface ATM0
 description Heffnet WAN/SBC DSL Interface
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 69
 !
 dsl operating-mode auto
 no fair-queue
!
interface FastEthernet0
 description Heffnet LAN Interface
 ip address 192.168.69.254 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 ip policy route-map VPN_ROUTE_MAP
 speed auto
!
interface Dialer69
 mtu 1492
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 69
 ppp chap hostname cerberus
 ppp chap password 7 040306071B29494851
 ppp pap sent-username [email protected] password 7 07572C4D5A011C034F
 crypto map VPNCLIENTMAP
!
ip local pool VPN_CLIENT_POOL 192.168.70.200 192.168.70.253
ip nat inside source list INTERNAL interface Dialer69 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer69
no ip http server
!
!
ip access-list extended INTERNAL
 deny ip 192.168.69.0 0.0.0.255 192.168.70.0 0.0.0.255
 permit ip 192.168.69.0 0.0.0.255 any
!
logging 192.168.69.1
access-list 101 permit ip 192.168.69.0 0.0.0.255 192.168.70.0 0.0.0.255
access-list 102 permit ip 192.168.69.0 0.0.0.255 any
!
route-map VPN_ROUTE_MAP permit 10
 match ip address 101
 set ip next-hop 1.1.1.2
!
alias exec s show ip interface brief
alias exec sr show running-config
!
line con 0
 privilege level 15
 logging synchronous
line aux 0
 privilege level 15
 logging synchronous
line vty 0 4
 privilege level 15
 logging synchronous
line vty 5 15
 privilege level 15
 logging synchronous
!
scheduler allocate 4000 1000
end

Kamal Malhotra Mon, 03/26/2007 - 07:08

Hi Matt,

The config looks good. Please make sure that you get a route for 192.168.69.0 255.255.255.0 network only after connecting with the VPN client. Please also match the 'route print' output of the client before and after connecting. One more thing, I hope that the local network is not 192.168.69.0.

HTH,

Please rate if it helps,

Regards,

Kamal
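
The route-table comparison suggested in the reply above, as an added example that is not part of the original thread: it parses `route print` output captured before and after connecting, reports whether a 192.168.69.0/24 route (the office LAN in the posted config) appears only after the tunnel is up, and flags a client LAN that overlaps it. The function names, the client LAN 192.168.1.0/24 and the sample tables are assumptions constructed for illustration; 192.168.70.200 is the first address of the `VPN_CLIENT_POOL` in the config.

```python
import ipaddress

# Office LAN from the router config on this page (FastEthernet0 / acl 102).
TUNNELED = ipaddress.ip_network("192.168.69.0/24")

def parse_route_print(text):
    """Return {(network, gateway, interface)} for IPv4 rows of `route print`."""
    routes = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue
        try:
            routes.add((ipaddress.ip_network(f"{f[0]}/{f[1]}"), f[2], f[3]))
        except ValueError:
            continue  # header or other non-route line
    return routes

def check_split_tunnel(before, after, tunneled=TUNNELED):
    """Compare route tables captured before and after the VPN connects."""
    old, new = parse_route_print(before), parse_route_print(after)
    # Directly connected subnets: gateway is the NIC itself ("On-link" on newer Windows).
    local = {n for n, gw, ifc in old
             if gw in (ifc, "On-link") and 0 < n.prefixlen < 32
             and not (n.is_loopback or n.is_multicast)}
    added = {n for n, _, _ in new - old if n.prefixlen < 32}
    return {
        "tunneled_before": any(n == tunneled for n, _, _ in old),
        "tunneled_after": tunneled in added,
        "default_changed": ipaddress.ip_network("0.0.0.0/0") in added,
        "local_overlap": sorted(str(n) for n in local if n.overlaps(tunneled)),
        "other_added": sorted(str(n) for n in added - {tunneled}),
    }

# Constructed sample output: client LAN 192.168.1.0/24 and VPN address
# 192.168.70.200 are assumptions, not values captured from the poster's PC.
BEFORE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50      20
     192.168.1.50  255.255.255.255        127.0.0.1       127.0.0.1      20
"""
AFTER = BEFORE + """\
     192.168.69.0    255.255.255.0   192.168.70.200  192.168.70.200       1
     192.168.70.0    255.255.255.0   192.168.70.200  192.168.70.200      20
"""
if __name__ == "__main__":
    print(check_split_tunnel(BEFORE, AFTER))
```

A non-empty `local_overlap` or a true `tunneled_before` means the client's own LAN uses the same addresses as the office LAN, and a true `default_changed` means all traffic is being sent through the tunnel rather than only the split-tunnel network.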
