how to get remote access from my router

Unanswered Question
Sep 12th, 2010

Hi, I am trying to configure Easy VPN Server through SDM, but it's not possible for me, so I configured it through the CLI as per my knowledge. My configuration is as below. Is there any problem? Could you please update me?




NARI#
NARI#sh run
Building configuration...

Current configuration : 3985 bytes
!
! Last configuration change at 17:06:07 UTC Sun Sep 12 2010
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NARI
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$R0J7$blW/nLCJ1LmArlo5zva5j0
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
!
!
!
aaa session-id common
!
!
!
crypto pki trustpoint TP-self-signed-2807192236
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2807192236
revocation-check none
rsakeypair TP-self-signed-2807192236
!
!
crypto pki certificate chain TP-self-signed-2807192236
certificate self-signed 01
   quit
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip name-server 4.2.2.1
ip name-server 4.2.2.2
vlan ifdescr detail
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2821 sn FHK1042F2B9
username admin password 0 cisco
!
redundancy
!
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclient
key cisco
pool vpnpool
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap client configuration address respond
!
crypto map clinetmap isakmp authorization list groupauthor
!
!
!
!
!
interface Loopback0
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0
ip address 172.20.200.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.230.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface BRI0/0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
ip local pool vpnpool 10.10.100.1 10.10.100.10
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 172.20.200.10
!
access-list 1 permit 192.168.230.0 0.0.0.255
access-list 101 permit ip any any
access-list 120 permit ip 10.10.100.0 0.0.0.255 any
!
!
!
route-map VPN-Client permit 10
match ip address 120
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
transport input all
!
scheduler allocate 20000 1000
end

thotsaphon Mon, 09/13/2010 - 01:10

Hi Guy,

     You missed a part of the VPN configuration. Please add the following commands on your router.


#########################

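!
! bind the dynamic map "dynmap" from the posted configuration into "clientmap"
crypto map clientmap 65535 ipsec-isakmp dynamic dynmap
!
int g0/0
 ! apply the crypto map to the outside interface
 crypto map clientmap
!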

#########################

   You have to make sure that you correctly configure VPN at the client side as well.  It's a good idea to know how to verify things. Please learn how to use the following commands.


#########################


CiscoRouter#show crypto isakmp sa

CiscoRouter#show crypto ipsec sa

CiscoRouter#show crypto session detail


#########################



HTH,

Toshi
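
A consistency check for the crypto map wiring discussed in this thread, as an added example that is not part of either post: it parses an IOS running-config and reports dynamic maps that no crypto map references, crypto maps that are not applied to an interface, and crypto map names that carry settings but have no entry. The function name `audit_crypto_maps` and the sample text `POSTED` (constructed from the crypto lines of the configuration in the question) are assumptions of this example.

```python
import re

# Constructed sample: the crypto-map lines of the configuration posted in the question.
POSTED = """\
crypto dynamic-map dynmap 10
 set transform-set myset
!
crypto map clientmap client authentication list userauthen
crypto map clientmap client configuration address respond
crypto map clinetmap isakmp authorization list groupauthor
!
interface GigabitEthernet0/0
 ip address 172.20.200.1 255.255.255.0
!
"""

def audit_crypto_maps(config):
    """Report crypto maps that are unbound, unapplied, or inconsistently named."""
    dynamic, settings, entries, applied = set(), set(), {}, {}
    iface = None
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "!":
            iface = None                                  # "!" closes an interface block
        elif m := re.match(r"int(?:erface)?\s+(\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"crypto dynamic-map (\S+) \d+", line):
            dynamic.add(m.group(1))
        elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp(?: dynamic (\S+))?", line):
            entries.setdefault(m.group(1), set()).add(m.group(2))
        elif m := re.match(r"crypto map (\S+) (?:client|isakmp) ", line):
            settings.add(m.group(1))                      # map-wide AAA/mode-config settings
        elif iface and (m := re.match(r"crypto map (\S+)$", line)):
            applied[m.group(1)] = iface                   # interface-level binding
    referenced = set().union(*entries.values()) - {None}  # None marks a static entry
    findings = [f"crypto map {n}: has settings but no ipsec-isakmp entry"
                for n in sorted(settings - set(entries))]
    findings += [f"dynamic-map {n}: not referenced by any crypto map"
                 for n in sorted(dynamic - referenced)]
    findings += [f"dynamic-map {n}: referenced but not defined"
                 for n in sorted(referenced - dynamic)]
    findings += [f"crypto map {n}: not applied to any interface"
                 for n in sorted(set(entries) - set(applied))]
    findings += [f"crypto map {n}: applied to {applied[n]} but has no entry"
                 for n in sorted(set(applied) - set(entries))]
    return findings

if __name__ == "__main__":
    for finding in audit_crypto_maps(POSTED):
        print(finding)
```

On the sample it reports `clientmap` and `clinetmap` as having no entry and `dynmap` as unreferenced. The `clinetmap` spelling on the authorization line is still reported after the missing entry and interface binding are added.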
