Access from outside to inside OK but no access from inside to outside

Unanswered Question
May 4th, 2009

Hi Team,

Can anyone assist with the config below? Access from outside to the LAN works OK without any issue, but the internal LAN cannot access any outside IP.

Also, the VPN does not seem to establish either. I have double-checked the VPN on the peer and the configs are exactly the same for the VPN, but no luck.

Any assistance will be greatly appreciated.

Config below:

================================

ROUTER#sh run
Building configuration...

Current configuration : 4718 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password 7
!
no aaa new-model
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.26.0.1 10.26.0.99
ip dhcp excluded-address 10.26.0.199 10.26.0.254
!
ip dhcp pool actpool
 network 10.26.0.0 255.255.255.0
 dns-server 203.8.183.1 61.88.88.88
 default-router 10.26.0.1
!
!
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key aaaaaaaaaaaaaaaaa address a.a.a.a
!
!
crypto ipsec transform-set actvpn esp-des esp-md5-hmac
!
crypto map vpn 20 ipsec-isakmp
 description **VPN Link**
 set peer a.a.a.a
 set transform-set actvpn
 set pfs group2
 match address AC
!
!
!
interface Ethernet0
 ip address 10.26.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description Link to PowerTel Internet Connection
 pvc 1/34
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 description Internet Link Fixed IP
 mtu 1460
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xx
 ppp chap password xx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
!
ip nat inside source list 105 interface Dialer1 overload
ip nat inside source static tcp 10.26.0.100 3389 interface Dialer1 3389
!
!
ip access-list extended AC
 permit ip 10.26.0.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip 10.26.0.0 0.0.0.255 10.0.0.0 0.0.0.255
logging trap debugging
access-list 1 permit 10.26.0.0 0.0.0.255
access-list 105 deny ip 10.26.0.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 105 deny ip 10.26.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 105 permit ip 10.26.0.0 0.0.0.255 any
access-list 105 permit tcp any host 10.26.0.100 eq 3389
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 120 0
 password 7
 login local
 length 0
!
scheduler max-task-time 5000
end

===============================

Thanks in advance

thotsaphon Mon, 05/04/2009 - 05:44

Tariq,

Please add the following commands:


!
dialer-list 1 protocol ip permit
!
int dialer1
 crypto map vpn
!



HTH,

Toshi
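
A check for the two dangling references that the reply above fills in: `dialer-group 1` on Dialer1 with no matching `dialer-list 1`, and crypto map `vpn` defined but never attached to an interface. This is an added example, not part of the original posts; `find_dangling`, `SAMPLE` and `FIX` are names made up here, and the sample is a trimmed, constructed excerpt of the posted configuration.

```python
import re

# Constructed sample: trimmed from the configuration posted in this thread.
SAMPLE = """\
crypto map vpn 20 ipsec-isakmp
 match address AC
!
interface Dialer1
 ip nat outside
 dialer-group 1
!
"""

# The commands suggested in the reply, in indented running-config form.
FIX = """\
dialer-list 1 protocol ip permit
interface Dialer1
 crypto map vpn
"""

def find_dangling(config):
    """Return sorted findings for references that have no counterpart."""
    defined_maps, applied_maps = set(), set()
    groups, lists = {}, set()
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A non-indented line starts a new top-level section.
            m = re.match(r"int(?:erface)?\s+(\S+)", line, re.I)
            iface = m.group(1).lower() if m else None
            m = re.match(r"crypto map (\S+) \d+", line)
            if m:
                defined_maps.add(m.group(1))
            m = re.match(r"dialer-list (\d+) ", line)
            if m:
                lists.add(m.group(1))
        elif iface:
            m = re.match(r"crypto map (\S+)$", line)
            if m:
                applied_maps.add(m.group(1))
            m = re.match(r"dialer-group (\d+)$", line)
            if m:
                groups[m.group(1)] = iface
    findings = [f"crypto map {n} is defined but not applied to any interface"
                for n in defined_maps - applied_maps]
    findings += [f"dialer-group {g} on {i} has no matching dialer-list {g}"
                 for g, i in groups.items() if g not in lists]
    return sorted(findings)
```

The parser relies on the one-space indentation that `show running-config` uses for sub-commands, so feed it the raw output rather than a copy with the indentation stripped.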


tariqmansoor Mon, 05/04/2009 - 15:25

Thanks Toshi,

The VPN issue is resolved, but the Internet issue is still the same. Users cannot access any outside IP on the Internet.

I have added both commands in the config.


Cheers,
