I've implemented "the Router and VPN Client for Public Internet on a Stick Configuration Example" (http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml). I've added these lines to my 878 router config. I connect from a remote site with Cisco VPN client. From the VPN client, the situation is:
- Full access to hosts on Internet = OK
- Can PING hosts at the router site (192.168.2.0)
- Have no access to hosts at the router site (192.168.2.0) = NOK
I've added these lines to my 877 configuration. At this time, the firewall is not activated.
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
username ... password 0 ...
crypto isakmp policy 3
crypto isakmp client configuration group ?
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
ip address 10.11.0.1 255.255.255.0
ip nat inside
ip nat outside
ip policy route-map VPN-Client
crypto map clientmap
ip local pool ippool 192.168.4.1 192.168.4.20
ip nat inside source list 102 interface Dialer1 overload
access-list 102 permit ip any any
access-list 144 permit ip 192.168.4.0 0.0.0.255 any
route-map VPN-Client permit 10
match ip address 144
set interface Loopback0
Any idea how to solve the 3rd point? All the VPN traffic is set to the loopback interface. Do I have to modify the route-map to set only the external traffic on this interface?
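
Added example (not part of the original post or of the Cisco document): a small Python model of IOS extended-ACL matching, run over the two access lists as posted, showing which flows route-map VPN-Client sends to Loopback0 and which match NAT list 102. The VARIANT list, the /24 mask assumed for 192.168.2.0 and the sample host addresses are assumptions for illustration, not a tested fix.

```python
import ipaddress

# ACLs exactly as posted above.
POSTED = [
    "access-list 102 permit ip any any",
    "access-list 144 permit ip 192.168.4.0 0.0.0.255 any",
]
# Hypothetical variant (assumption, not from the post): exempt VPN pool <-> LAN
# traffic from both lists; the LAN is assumed to be 192.168.2.0/24.
VARIANT = [
    "access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255",
    "access-list 102 permit ip any any",
    "access-list 144 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255",
    "access-list 144 permit ip 192.168.4.0 0.0.0.255 any",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse(lines):
    """Return {acl_number: [(action, src_spec, dst_spec), ...]} in config order."""
    acls = {}
    for line in lines:
        tok = line.split()          # access-list N action ip SRC DST
        src, rest = _addr(tok[4:])
        dst, _ = _addr(rest)
        acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def _hit(ip, spec):
    base, wildcard = spec           # wildcard bits set to 1 are "don't care"
    return ((ip ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def permitted(acls, number, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, d in acls.get(number, []):
        if _hit(_ip(src), s) and _hit(_ip(dst), d):
            return action == "permit"
    return False

def classify(lines, src, dst):
    acls = parse(lines)
    return {"route_map_to_Loopback0": permitted(acls, "144", src, dst),
            "matches_nat_list_102": permitted(acls, "102", src, dst)}
```

With the posted lists, a packet from a pool address to a 192.168.2.x host matches ACL 144 just like Internet-bound traffic, and the reply from that host matches NAT list 102; under the variant both of those matches disappear while Internet-bound traffic is classified as before.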