Configuration for client VPN access on a loopback interface

Unanswered Question
Jul 7th, 2009

Hi all,

We tried to configure a router as a server for a client VPN.

We applied the crypto map on a loopback interface.

We put "crypto map VpnConn local-address Loopback0".

We can connect using a Cisco VPN client, but we cannot ping the LAN, not even the IP address of the LAN interface of the router configured as the server.

How could we solve this?

harinirina Wed, 07/08/2009 - 05:38

Hi,

Thanks for the doc.

It seems NAT-T is enabled by default in Cisco IOS.

We use a Cisco router as the VPN server and we don't know what to add.

Below is our config, so you can tell us what's wrong and what's missing.





aaa new-model
aaa authentication login default local
aaa authorization exec default local

aaa authorization network Grp local
aaa authentication login Usr local

username uuuu privilege 15 password pppp

interface l0
 crypto map IntVpn

interface FastEthernet0/0
 ip address W.W.W.1 255.255.255.240
 ip nat outside
!
interface FastEthernet0/1
 description vers LAN
 ip address R.R.R.1 255.255.255.0
 ip nat inside

ip local pool poolVpn P.P.P.1 P.P.P.254

ip nat inside source list 100 interface FastEthernet0/0 overload

access-list 100 deny ip R.R.R.0 0.0.0.255 P.P.P.0 0.0.0.255
access-list 100 deny icmp R.R.R.0 0.0.0.255 P.P.P.0 0.0.0.255
access-list 100 permit ip R.R.R.0 0.0.0.255 any

crypto isakmp policy 5
 hash md5
 authentication pre-share
 group 2

crypto isakmp client configuration group ClGrp
 key kkkk
 pool poolVpn
 acl 199

crypto isakmp profile ClPrf
 match identity group ClGrp
 client authentication list Usr
 isakmp authorization list Grp
 client configuration address respond

crypto ipsec transform-set TrSet esp-aes esp-sha-hmac

crypto dynamic-map dynVpn 5
 set transform-set TrSet
 set isakmp-profile ClPrf
 reverse-route
!
crypto map IntVpn 3 ipsec-isakmp dynamic dynVpn

access-list 199 permit ip R.R.R.0 0.0.0.255 P.P.P.0 0.0.0.255
