VPN Client for Public Internet on a Stick

Unanswered Question

Hi,


I've implemented "the Router and VPN Client for Public Internet on a Stick Configuration Example" (http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml). I've added these lines to my 878 router config. I connect from a remote site with the Cisco VPN client. From the VPN client, the situation is:

- Full access to hosts on Internet = OK

- Can PING hosts at the router site (192.168.2.0)

- Have no access to hosts at the router site (192.168.2.0) = NOK

I've added these lines to my 877 configuration. At this time, the firewall is not activated.


aaa new-model
!
aaa authentication login userauthen local
!
aaa authorization network groupauthor local
!
aaa session-id common
username ... password 0 ...
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group ?
 key ?
 dns 192.168.2.110
 pool ippool
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 ip nat outside
 ip policy route-map VPN-Client
 crypto map clientmap
!
ip local pool ippool 192.168.4.1 192.168.4.20
!
ip nat inside source list 102 interface Dialer1 overload
!
access-list 102 permit ip any any
access-list 144 permit ip 192.168.4.0 0.0.0.255 any
!
route-map VPN-Client permit 10
 match ip address 144
 set interface Loopback0


Any idea how to solve the 3rd point? All the VPN traffic is set to the loopback interface. Do I have to modify the route-map to set only the external traffic on this interface?


Kind regards,


Guy
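To see what the posted route-map and NAT lists actually do to a decrypted VPN-client packet, here is a small model of IOS first-match ACL evaluation with wildcard masks, run over access-list 144 and 102 exactly as posted and over a narrowed access-list 144 that exempts client-to-192.168.2.0 traffic from policy routing (the direction the question asks about). This is an added illustration, not code from the original post, from the Cisco document, or from the reply; the LAN interface name "Vlan1", the two-entry routing table and the narrowed ACL are all assumptions for the model, and the model does not claim that narrowing the ACL resolves the third point.

```python
import ipaddress

# Constructed model of the classification logic in the posted config.
# IOS access-lists are evaluated first-match, use wildcard masks
# (1 bits = "don't care") and end with an implicit "deny any".
# Added example, not IOS code and not taken from the Cisco document.


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under an IOS wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)


def acl_permits(acl, src: str, dst: str) -> bool:
    """acl: list of (action, src_base, src_wc, dst_base, dst_wc); first match wins."""
    for action, sb, sw, db, dw in acl:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action == "permit"
    return False  # implicit deny at the end of every IOS ACL


ANY = ("0.0.0.0", "255.255.255.255")

# access-list 144 as posted: every packet from the client pool is policy-routed.
ACL_144_POSTED = [
    ("permit", "192.168.4.0", "0.0.0.255", *ANY),
]

# Assumed narrowing (not from the post): deny LAN-bound client traffic first so
# that only Internet-bound client traffic is sent to Loopback0.
ACL_144_NARROWED = [
    ("deny", "192.168.4.0", "0.0.0.255", "192.168.2.0", "0.0.0.255"),
    ("permit", "192.168.4.0", "0.0.0.255", *ANY),
]

# access-list 102 as posted: the NAT candidate list, matches everything.
ACL_102 = [("permit", *ANY, *ANY)]


def egress_interface(dst: str) -> str:
    """Assumed two-entry routing table: connected LAN, otherwise the default route."""
    if ipaddress.IPv4Address(dst) in ipaddress.IPv4Network("192.168.2.0/24"):
        return "Vlan1"  # assumed name of the router-site LAN interface
    return "Dialer1"


def classify(acl_144, src: str, dst: str):
    """Return (policy_routed_to_loopback, natted, egress) for a decrypted client packet."""
    policy_routed = acl_permits(acl_144, src, dst)
    egress = egress_interface(dst)
    # NAT overload applies only to inside-to-outside flows (Loopback0 is
    # 'ip nat inside', Dialer1 is 'ip nat outside') that also match ACL 102.
    natted = policy_routed and egress == "Dialer1" and acl_permits(ACL_102, src, dst)
    return policy_routed, natted, egress


if __name__ == "__main__":
    # Constructed sample flows: one VPN client, one LAN host (the DNS server
    # from the posted config) and one public address from the documentation range.
    client = "192.168.4.5"
    for label, acl in (("posted", ACL_144_POSTED), ("narrowed", ACL_144_NARROWED)):
        for dst in ("192.168.2.110", "198.51.100.10"):
            pr, nat, egress = classify(acl, client, dst)
            print(f"{label:8} {client} -> {dst:14} loopback={pr!s:5} nat={nat!s:5} egress={egress}")
```

With the posted lists, a packet from the client pool to a 192.168.2.0 host is diverted to Loopback0 just like Internet-bound traffic and only escapes translation because it leaves through the LAN interface rather than Dialer1; with the narrowed list, LAN-bound traffic is routed normally and never touches the NAT inside interface.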

a-vazquez Tue, 05/22/2007 - 06:08

Probably; check the network list on the VPN server to see whether it is properly configured in such a way that the network 192.168.2.0 is allowed.
