VPN and Windows 2003 DHCP

cozyk1515
Level 1

I have an 871 router on which I am trying to set up a VPN, but the Windows 2003 server on the network does the DHCP. At this point I get an error on authentication just trying to VPN. Here is the config; I hope someone can help. I have never had this problem before.

aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
!
resource policy
!
ip subnet-zero
ip cef
!
!
!
!
ip domain name xxx.com
ip name-server 216.x.x.x
ip name-server 216.x.x.x
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxxvpn
 key xx2cisco
 dns 192.168.0.1 216.x.x.x
 domain d2b0411
 netmask 255.255.255.0
!
!
crypto ipsec transform-set xxxvpn esp-3des esp-md5-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set peruvpn
 reverse-route
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
interface FastEthernet4
 description $ES_WAN$
 ip address 216.x.x.x 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.0.220 192.168.0.225
ip classless
ip route 0.0.0.0 0.0.0.0 216.x.x.x
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static udp 192.168.0.1 3389 interface FastEthernet4 3389
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 192.168.0.220
access-list 100 deny ip any host 192.168.0.221
access-list 100 deny ip any host 192.168.0.222
access-list 100 deny ip any host 192.168.0.223
access-list 100 deny ip any host 192.168.0.224
access-list 100 deny ip any host 192.168.0.225
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
route-map SDM_RMAP_1 permit 1
 match ip address 100

Thanks

Gabrielle

1 Reply

cozyk1515
Level 1

OK - I am able to VPN in fine now. I can ping the server 192.168.0.1, I can get into Remote Desktop on the server 192.168.0.1, and from Remote Desktop I can ping my VPNed PC's IP of 192.168.0.200. However, I can't see the domain when I go to map a network drive or to Network Neighborhood. Any ideas?

Thanks
