REMOTE ACCESS VPN USING EASYVPN

Unanswered Question
Apr 21st, 2010

Can anyone help me with this configuration, because I am new to VPN setup? I tried to set up EasyVPN with SDM and it did not work, so I decided to configure it manually. Can anyone check the configuration below and help me with a solution?



MEdplus_GH#show run
Building configuration...


Current configuration : 6038 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Medplus_GH
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$Pdvv$ZqSVo8B9dK0/fF5RvCxEB/
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network regus local
!
!
aaa session-id common
clock timezone PCTime 1
!
crypto pki trustpoint TP-self-signed-1632608243
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1632608243
revocation-check none
rsakeypair TP-self-signed-1632608243
!
!
crypto pki certificate chain TP-self-signed-1632608243
certificate self-signed 01
        quit
dot11 syslog
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.20.201 192.168.20.254
ip dhcp excluded-address 192.168.20.1 192.168.20.20
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   dns-server 80.87.78.4 80.87.78.11
!
!
no ip bootp server
ip domain name regusghana.local
ip name-server 80.87.78.4
ip name-server 80.87.78.11
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm

!
username regusGH privilege 15 secret 5 $1$ap5Q$I1vsn7D6aQbRgRYG0rl.w0
username test password 7 1405170C19170D03
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key regusGH address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local poolname
!
crypto isakmp client configuration group regus
key regusGH
pool poolname
!
!
crypto ipsec transform-set ts2 esp-des esp-md5-hmac
!
crypto dynamic-map ts2 10
set transform-set ts2
!
!
crypto map smap client authentication list regusGH
crypto map smap isakmp authorization list regusGH
crypto map smap client configuration address respond
!
archive
log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
interface FastEthernet0/0
description $Eth-LAN$
ip address 192.168.20.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $Eth-WAN$
ip address 80.87.81.250 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
router eigrp 1
network 192.168.20.0
no auto-summary
!
ip local pool poolname 41.204.42.168 41.204.42.172
ip default-gateway 80.87.81.249
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 80.87.81.249
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool sdm-pool1 80.87.81.250 80.87.81.250 netmask 255.255.255.252
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.20.15 3389 interface FastEthernet0/1 3
9
!
logging trap debugging
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
no cdp run

!
control-plane
!

!

Please, your help is needed urgently.


Thanks a lot guys.

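The posted configuration can be checked mechanically for the wiring an Easy VPN server needs. The following is an added example, not part of the original post or of any Cisco tool: the `audit` function and its finding strings are assumptions made here, and `POSTED` is an excerpt of the configuration above containing only the lines the checks read. It verifies that the AAA lists a crypto map references exist, that the map has an `ipsec-isakmp dynamic` entry and is applied to an interface, and flags DES/MD5.

```python
import re

# Excerpt of the running-config posted above (only lines the checks read).
POSTED = """\
aaa authentication login default local
aaa authorization network regus local
crypto isakmp policy 10
 hash md5
crypto ipsec transform-set ts2 esp-des esp-md5-hmac
crypto dynamic-map ts2 10
 set transform-set ts2
crypto map smap client authentication list regusGH
crypto map smap isakmp authorization list regusGH
crypto map smap client configuration address respond
interface FastEthernet0/1
 ip address 80.87.81.250 255.255.255.252
"""

def audit(config):
    """Return a list of findings about Easy VPN server wiring in an IOS config."""
    text = "\n".join(line.strip() for line in config.splitlines())

    def find(pattern):
        return re.findall(pattern, text, re.M)

    login = set(find(r"^aaa authentication login (\S+)"))
    network = set(find(r"^aaa authorization network (\S+)"))
    dynmaps = set(find(r"^crypto dynamic-map (\S+) \d+"))
    out = []
    for cmap, name in find(r"^crypto map (\S+) client authentication list (\S+)"):
        if name not in login:
            out.append(f"{cmap}: login list '{name}' is not defined")
    for cmap, name in find(r"^crypto map (\S+) isakmp authorization list (\S+)"):
        if name not in network:
            out.append(f"{cmap}: network authorization list '{name}' is not defined")
    entries = dict(find(r"^crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)"))
    applied = set(find(r"^crypto map (\S+)$"))  # interface-level form: name only
    for cmap in sorted(set(find(r"^crypto map (\S+) "))):
        if cmap not in entries:
            out.append(f"{cmap}: no 'ipsec-isakmp dynamic' entry")
        elif entries[cmap] not in dynmaps:
            out.append(f"{cmap}: dynamic map '{entries[cmap]}' is not defined")
        if cmap not in applied:
            out.append(f"{cmap}: not applied to any interface")
    if re.search(r"esp-des|hash md5|esp-md5-hmac", text):
        out.append("weak algorithms: DES and/or MD5 in use")
    return out

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```
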
Federico Coto F... Wed, 04/21/2010 - 15:52

Hi,


Are you trying to connect Cisco IPsec VPN clients?


What is the output of the following commands:


sh cry isa sa

sh cry ips sa


When attempting to establish the tunnel?


Federico.

chygozy12 Thu, 04/22/2010 - 09:45

I want to connect with both IPSEC and SSL clients.

Can I still do the EasyVPN through SDM? I have a Cisco 2811, have integrated with an ISP, and have done the NAT as shown in the configuration posted.


I actually want assistance. Can I actually start all over? Please suggest.

Please I am a dude here.
