×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco 827 with client cisco vpn 3.5

Unanswered Question
May 23rd, 2002
User Badges:

Hi, I have a big problema with my vpn, when I connect with the router via internet and cisco client vpn 3.5 I haven´t any problem. I can see my servers on my LAN via ping with my dns server but my problem is when i want to use the lan resources, my printers or my sharing folder I can´t. I dont Know what is the problem.

This is may configuration router:

Current configuration : 3389 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname CISCOADSL

!

aaa new-model

!

!

aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

enable secret xxxxxxxxxxxxxxxxxxxxxxxxxx

enable password 7 xxxxxxxxxxxxxxxxxxxxx

!

username COMAcceso password xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

username xxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

!

!

crypto isakmp policy 1

hash md5

authentication pre-share

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxxx

crypto isakmp key xxxxxxxxxxxxxxxaddress xxxxxxxxxxxxxxxxxxx

!

crypto isakmp client configuration group rasvpn

key cisco123

dns 192.168.143.70

wins 192.168.143.64

domain voiceware.net

pool ippool

acl 101

!

!

crypto ipsec transform-set vpn-transform esp-des esp-md5-hmac

crypto ipsec transform-set ras-transform esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set ras-transform

!

!

crypto map vpnclient 1 ipsec-isakmp

set peer xxxxxxxx

set transform-set vpn-transform

match address 107

crypto map vpnclient 2 ipsec-isakmp

set peer xxxxxxxxx

set transform-set vpn-transform

match address 109

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

!

!

!

interface Loopback0

no ip address

!

interface Ethernet0

ip address 192.168.143.5 255.255.255.0

ip nat inside

no ip mroute-cache

hold-queue 100 out

!

interface ATM0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

pvc 0/33

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

bundle-enable

dsl operating-mode auto

hold-queue 224 in

!

interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

no ip route-cache

no ip mroute-cache

dialer pool 1

ppp authentication chap

ppp chap hostname xxxxxxxxxxxxxxx

ppp chap password xxxxxxxxxxxxxxx

crypto map clientmap

!

ip local pool ippool 192.168.144.1 192.168.144.254

ip nat inside source route-map nonat interface Dialer0 overload

ip nat inside source static tcp 192.168.143.70 110 212.145.203.130 110 extendabl

e

ip nat inside source static tcp 192.168.143.70 80 212.145.203.130 80 extendable

ip nat inside source static tcp 192.168.143.70 25 212.145.203.130 25 extendable

ip nat inside source static tcp 192.168.143.65 1352 212.145.203.130 1352 extenda

ble

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

ip pim bidir-enable

!

!

access-list 101 deny ip 192.168.143.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 101 permit ip 192.168.143.0 0.0.0.255 any

access-list 107 permit ip 192.168.143.0 0.0.0.255 192.168.146.0 0.0.0.255

access-list 107 permit ip 192.168.145.0 0.0.0.255 192.168.146.0 0.0.0.255

access-list 109 permit ip 192.168.143.0 0.0.0.255 192.168.145.0 0.0.0.255

access-list 109 permit ip 192.168.146.0 0.0.0.255 192.168.145.0 0.0.0.255

!

route-map nonat permit 1

match ip address 101

!

!

line con 0

stopbits 1

line vty 0 4

password xxxxxxxxxxxxxxxxxx

!

scheduler max-task-time 5000

end


ANYBODY CAN HELP ME THANKS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jfrahim Thu, 05/23/2002 - 12:25
User Badges:
  • Cisco Employee,

Are you able to map the drives via the ip address?

Mapping the drives typically use WINS server for name resolution rather than dns server

Jazib

cviolero Mon, 05/27/2002 - 03:53
User Badges:

Yes, I use the ip address but I can´t use the lan resources


Anyboy can help me ¿¿¿


Thanks

j.antunes Mon, 05/27/2002 - 04:07
User Badges:

Try removing the route-map and assign the NAT command directly to the access-list as follows:


ip nat inside source list 101 interface Dialer1 overload


I had the same problem, I didn't do deep tests, but it worked for me!

Actions

This Discussion