Please Newbie: Configuration of 857W VPN

Unanswered Question
Feb 9th, 2012

First, this is my first experience with Cisco routers and their configuration, so excuse me if I'm asking a silly question:


I've a local network 10.X.X.X with this router, an ADSL, and a remote office in another ISP. The remote PCs can connect to the VPN and access the router (can ping it) but can't access other devices in the 10.X.X.X network.


With the problems of the SDM, Java and more, and the multiple tests to let the remote PCs access devices in the local network, I think this configuration is totally a disaster.


Please, can anyone review it and tell me what I can change (Thanks!):


==============================================================
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname caronte
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 ###SECRET###
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.1.0.0
ip dhcp excluded-address 10.1.0.255 10.255.255.254
!
ip dhcp pool sdm-pool
   import all
   network 10.0.0.0 255.0.0.0
   default-router 10.0.0.1
   domain-name cdi.local
   dns-server 10.0.0.3 80.58.61.250
   netbios-name-server 10.0.0.3
   lease 0 12
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name cdi.local
ip name-server 10.0.0.3
ip name-server 10.0.0.4
ip name-server 80.58.61.250
ip name-server 80.58.61.254
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
!
crypto pki trustpoint TP-self-signed-2056412050
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2056412050
 revocation-check none
 rsakeypair TP-self-signed-2056412050
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
 subject-name [email protected]
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2056412050
 certificate self-signed 01
  ###SECRET###
  quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
username computer privilege 15 secret 5 ###SECRET###
username vvadillo privilege 15 secret 5 ###SECRET###
!
!
crypto logging ezvpn
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key [email protected] hostname cdi.local
crypto isakmp keepalive 3600
crypto isakmp client configuration address-pool local SDM_POOL_1
!
crypto isakmp client configuration group CORDOBA
 key ###SECRET###
 dns 10.0.0.3 80.58.61.250
 wins 10.0.0.3
 domain cdi.local
 pool SDM_POOL_1
 acl Local_LAN_Access
 save-password
 include-local-lan
 netmask 255.0.0.0
crypto isakmp profile ciscocp-ike-profile-1
   match identity group CORDOBA
   client authentication list ciscocp_vpn_xauth_ml_2
   isakmp authorization list ciscocp_vpn_group_ml_2
   client configuration address initiate
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile ciscocp-ike-profile-1
!
!
crypto dynamic-map DYNAMIC_MAP 10
 set nat demux
!
crypto dynamic-map ipnetconfig-map 10
 set nat demux
 set transform-set ipnetconfig
!
!
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address ###EXTERNAL ADSL IP###
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 pvc 8/32
  encapsulation aal5snap
!
!
interface FastEthernet0
 crypto map cisco
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 tunnel mode ipsec ipv4
!
interface Virtual-Template2 type tunnel
 ip unnumbered Vlan1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.0.0.1 255.0.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 10.0.10.1 10.0.10.254
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source static tcp 10.0.0.3 4389 interface ATM0.1 4389
ip nat inside source static tcp 10.11.0.16 21 interface ATM0.1 21
!
ip access-list extended Local_LAN_Access
 remark CCP_ACL Category=4
 permit ip 10.0.0.0 0.0.0.255 any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 11.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip any any
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------

-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
============================================
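Two things a reviewer would check first in the configuration above, written up as a small added script (editor's example, not part of the original post): the client address pool SDM_POOL_1 (10.0.10.1 to 10.0.10.254) lies inside the Vlan1 subnet 10.0.0.0/8, and the split-tunnel ACL Local_LAN_Access permits only 10.0.0.0/24. An overlapping pool is a common cause of exactly this symptom: the router itself answers because the client's packet terminates on it, but a LAN host replying to 10.0.10.x treats that address as on-link and ARPs for it instead of handing the reply to the router at 10.0.0.1. The script treats the interface carrying `ip nat inside` as the LAN interface; that is an assumption made for this config, and the excerpt embedded in it is copied from the lines above.

```python
import ipaddress
import re

# Lines copied from the running configuration posted above; the rest of the
# config does not affect these two checks and is left out.
CONFIG = """\
interface ATM0.1 point-to-point
 ip nat outside
interface Vlan1
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
ip local pool SDM_POOL_1 10.0.10.1 10.0.10.254
ip access-list extended Local_LAN_Access
 remark CCP_ACL Category=4
 permit ip 10.0.0.0 0.0.0.255 any
"""


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """IOS ACL entries use 'address wildcard'; invert the wildcard into a mask."""
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(mask))), strict=False)


def parse_config(text: str) -> dict:
    """Extract the LAN interface network, the client pool and the extended ACLs."""
    interfaces, acls, pool = {}, {}, None
    context = None  # ("interface", name) or ("acl", name) while inside a block
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            context = None  # a top-level command ends the current block
        if line.startswith("interface "):
            name = line.split()[1]
            interfaces[name] = {"network": None, "nat_inside": False}
            context = ("interface", name)
        elif line.startswith("ip access-list extended "):
            name = line.split()[3]
            acls[name] = []
            context = ("acl", name)
        elif line.startswith("ip local pool "):
            _, _, _, _, first, last = line.split()
            pool = (ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
        elif context and context[0] == "interface":
            m = re.match(r"ip address (\S+) (\S+)", line)
            if m:
                interfaces[context[1]]["network"] = ipaddress.IPv4Network(
                    (m.group(1), m.group(2)), strict=False)
            elif line == "ip nat inside":
                interfaces[context[1]]["nat_inside"] = True
        elif context and context[0] == "acl":
            m = re.match(r"permit ip (\S+) (\S+) ", line)
            if m:
                acls[context[1]].append(wildcard_to_network(m.group(1), m.group(2)))
    # Assumption for this config: the LAN is the addressed interface marked nat inside.
    lan = next(i["network"] for i in interfaces.values()
               if i["nat_inside"] and i["network"] is not None)
    return {"lan": lan, "pool": pool, "acls": acls}


def check(cfg: dict) -> dict:
    """Return the two findings as booleans; True for the first one is the problem."""
    lan, (first, last) = cfg["lan"], cfg["pool"]
    split = cfg["acls"].get("Local_LAN_Access", [])
    return {
        # Pool addresses inside the LAN prefix: LAN hosts ARP for the client
        # instead of routing replies through the router.
        "pool_overlaps_lan": first in lan or last in lan,
        # The split-tunnel ACL decides what the client sends into the tunnel;
        # it should cover the whole LAN prefix the client needs to reach.
        "split_acl_covers_lan": any(lan.subnet_of(net) for net in split),
    }


if __name__ == "__main__":
    for finding, value in check(parse_config(CONFIG)).items():
        print(f"{finding}: {value}")
```

For this config the script reports `pool_overlaps_lan: True` and `split_acl_covers_lan: False`. The usual remedies are a pool outside the LAN prefix (or a LAN mask narrower than /8) and a split-tunnel ACL that matches the real LAN prefix; after changing either, a ping from a LAN host to a connected client's pool address, checked against `show crypto session` on the router, confirms whether replies are now reaching the tunnel.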
