please help vpn client and router

May 19th, 2009

Hi all,


I want to establish a VPN between my PC (with VPN Client version 4.8.02.0010) and a remote router (Cisco 2811) with IOS software release 12.4(9)T7 and the following configuration:


aaa new-model

!

aaa authentication login VPNCLIENT local

aaa authorization network VPNGROUP local


username test password hello


crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group 3000client

key cisco123

dns 62.42.230.24

domain cisco.com

pool ippool

!

crypto ipsec transform-set MYSET esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set MYSET

!

crypto map clientmap client authentication list lista

crypto map clientmap isakmp authorization list grupo

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap


!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

crypto map clientmap

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

load-interval 30

!

ip local pool ippool 192.168.4.100 192.168.4.200

no ip classless

ip route 0.0.0.0 0.0.0.0 62.43.195.100

!

ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000


ip nat inside source list 102 interface FastEthernet0/0 overload

access-list 102 permit ip 192.168.4.0 0.0.0.255 any

!

line con 0

line aux 0

line vty 0 4

privilege level 15

transport input telnet

line vty 5 15

privilege level 15

transport input telnet

!

When I connect to the public IP address of the router everything is all right and the status is Connected. But I don't have connectivity to the Internet and I can only ping 192.168.4.1 but no other IP addresses from this range.

I would appreciate any kind of help.


Thanks


usuario0001 Tue, 05/19/2009 - 06:59

Thank you very much. Now it works!

But I'm trying to connect to a PC via remote desktop and I can't. Could you tell me what I have to add to the router configuration?


Regards

Correct Answer

You need to make sure that your internal traffic going to the VPN client is NOT being NAT'd.


You need to rewrite ACL 102 to something like:


access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 102 permit ip 192.168.4.0 0.0.0.255 any


HTH.
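
The effect of the rewritten ACL 102 on the NAT decision, as an added example that is not part of the original thread: a small Python evaluator that applies IOS wildcard masks and first-match ordering to the original and rewritten ACL. The LAN host 192.168.4.10 and the Internet host 198.51.100.7 are constructed sample addresses; 192.168.4.100 is the first address of the poster's `ippool`.

```python
import ipaddress

def _spec(tokens):
    """Consume one address spec, 'any' or 'ADDR WILDCARD'; return (spec, remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wild), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        src, rest = _spec(tok[4:])
        dst, _ = _spec(rest)
        rules.append((tok[2], src, dst))
    return rules

def _match(ip, spec):
    # Wildcard mask: bits set to 1 are "don't care", bits set to 0 must be equal.
    addr, wild = spec
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def is_natted(rules, src, dst):
    """First matching line decides; no match falls to the implicit deny (no NAT)."""
    for action, s, d in rules:
        if _match(src, s) and _match(dst, d):
            return action == "permit"
    return False

ORIGINAL = parse_acl("access-list 102 permit ip 192.168.4.0 0.0.0.255 any")
REWRITTEN = parse_acl("""
access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 permit ip 192.168.4.0 0.0.0.255 any
""")
# Same two lines in the opposite order (constructed, to show that order matters).
REVERSED = REWRITTEN[::-1]

LAN_HOST, VPN_CLIENT, INTERNET = "192.168.4.10", "192.168.4.100", "198.51.100.7"

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("rewritten", REWRITTEN), ("reversed", REVERSED)):
        print(f"{name:9} LAN->VPN client NAT: {is_natted(acl, LAN_HOST, VPN_CLIENT)}, "
              f"LAN->Internet NAT: {is_natted(acl, LAN_HOST, INTERNET)}")
```

With the original ACL the reply from a LAN host to a VPN client is selected for translation; the deny line exempts it only when it is placed before the permit line.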
