Problem with EzVPN

Hi,

I'm trying to set up an EzVPN server that will allow users to connect remotely via the internet through my 2820 router.

The client can connect successfully; however, it can only reach the router and not devices within the router subnet.

crypto isakmp policy 100
encr aes
hash md5
authentication pre-share
group 2

crypto isakmp keepalive 20 10
!
crypto isakmp client configuration group easyvpn
key easyvpn
pool easyvpn
acl easyvpn
save-password
max-users 9
netmask 255.255.255.0
!
!
crypto ipsec transform-set dmvpn esp-aes esp-md5-hmac
!
crypto ipsec profile dmvpn
set transform-set dmvpn
!
!
crypto dynamic-map easyvpn 10
set transform-set dmvpn
reverse-route
!
!
crypto map easyvpn client authentication list easyvpn
crypto map easyvpn isakmp authorization list easyvpn
crypto map easyvpn client configuration address respond
crypto map easyvpn 100 ipsec-isakmp dynamic easyvpn

interface GigabitEthernet0/0
description DSL interface
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description internal interface
ip address 100.0.0.1 255.255.255.0
ip nat inside

!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map easyvpn

ip local pool easyvpn 70.0.0.1 70.0.0.100
!

ip access-list extended easyvpn
permit ip 100.0.0.0 0.0.0.255 70.0.0.0 0.0.0.255

Please be notified that I can only reach the private address of the router, not the connected devices.

Thanks

Accepted Solutions

Jennifer Halim
Cisco Employee

Please make sure that NAT exemption is configured (you would need to deny traffic from your internal subnets towards the ip pool subnet so it doesn't get NATed).
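
The NAT exemption described in the accepted solution, written out for this thread's subnets (inside LAN 100.0.0.0/24, VPN pool 70.0.0.0/24). This is an added example, not configuration posted by anyone in the thread; the ACL name NAT-EXEMPT and the PAT rule on Dialer1 are assumptions, because the posted config does not show its NAT statement.

```cisco
! Added example; NAT-EXEMPT and the Dialer1 overload rule are assumptions.
! Subnets come from the posted config: LAN 100.0.0.0/24, VPN pool 70.0.0.0/24.
!
! ACLs are first-match, so the deny must come before the permit.
ip access-list extended NAT-EXEMPT
 remark LAN to EzVPN pool: leave untranslated so it still matches the tunnel
 deny   ip 100.0.0.0 0.0.0.255 70.0.0.0 0.0.0.255
 remark everything else from the LAN is translated as before
 permit ip 100.0.0.0 0.0.0.255 any
!
! Point the PAT rule at the new ACL. First remove whatever
! "ip nat inside source list <existing-acl> ..." line is currently configured
! (placeholder: the thread does not show it).
ip nat inside source list NAT-EXEMPT interface Dialer1 overload
!
! Checks after a client connects and pings a LAN host:
!   show ip nat translations   -> no entries toward 70.0.0.x
!   show crypto ipsec sa       -> #pkts encaps and #pkts decaps both increment
```

Without the deny line, replies from LAN hosts are translated to the Dialer1 address before the crypto check, so they no longer match the 100.0.0.0/24 to 70.0.0.0/24 selectors and never enter the tunnel. That matches the symptom in the question: the router itself is reachable, but hosts behind it are not.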


I did.

It's now working just fine.

Thanks a lot.

If you get a chance, would you please post your scrubbed config so I can see the changes you made to resolve the NAT problem?

Thanks,

Steve
