please help vpn client and router

Answered Question
May 19th, 2009
User Badges:

Hi all,

I want to stablish a vpn between my PC (with VPN Client version and a remote router (Cisco 2811)with IOS software release 12.4(9)T7 and the following configuration

aaa new-model


aaa authentication login VPNCLIENT local

aaa authorization network VPNGROUP local

username test password hello

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2


crypto isakmp client configuration group 3000client

key cisco123



pool ippool


crypto ipsec transform-set MYSET esp-3des esp-sha-hmac


crypto dynamic-map dynmap 10

set transform-set MYSET


crypto map clientmap client authentication list lista

crypto map clientmap isakmp authorization list grupo

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap


interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

crypto map clientmap


interface FastEthernet0/0/0


interface FastEthernet0/0/1


interface FastEthernet0/0/2


interface FastEthernet0/0/3


interface Vlan1

ip address

ip nat inside

ip virtual-reassembly

load-interval 30


ip local pool ippool

no ip classless

ip route


ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip nat inside source list 102 interface FastEthernet0/0 overload

access-list 102 permit ip any


line con 0

line aux 0

line vty 0 4

privilege level 15

transport input telnet

line vty 5 15

privilege level 15

transport input telnet


When I connect to the public IP address of the router every thing is all right and status is Connected. But I don't have connectivity to internet and I can only ping but no others IP adress from this range.

I would appreciate any kind of kelp.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
usuario0001 Tue, 05/19/2009 - 06:59
User Badges:

Thank you very much. Now it works!

But I'm trying to connect to a PC via remote desktop and I can't. Could you tell me what do I have to add to the router configuration.


Correct Answer

You need to make sure that your internal traffic going to the VPN client is NOT being NATT'd.

You need to re-write acl 102 to something like:-

access-list 102 deny ip

access-list 102 permit ip any



This Discussion