Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco 827 with client cisco vpn 3.5

Unanswered Question
May 23rd, 2002
User Badges:

Hi, I have a big problema with my vpn, when I connect with the router via internet and cisco client vpn 3.5 I haven´t any problem. I can see my servers on my LAN via ping with my dns server but my problem is when i want to use the lan resources, my printers or my sharing folder I can´t. I dont Know what is the problem.

This is may configuration router:

Current configuration : 3389 bytes


version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption


hostname CISCOADSL


aaa new-model



aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

enable secret xxxxxxxxxxxxxxxxxxxxxxxxxx

enable password 7 xxxxxxxxxxxxxxxxxxxxx


username COMAcceso password xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

username xxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero



crypto isakmp policy 1

hash md5

authentication pre-share


crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxxx

crypto isakmp key xxxxxxxxxxxxxxxaddress xxxxxxxxxxxxxxxxxxx


crypto isakmp client configuration group rasvpn

key cisco123



domain voiceware.net

pool ippool

acl 101



crypto ipsec transform-set vpn-transform esp-des esp-md5-hmac

crypto ipsec transform-set ras-transform esp-3des esp-sha-hmac


crypto dynamic-map dynmap 10

set transform-set ras-transform



crypto map vpnclient 1 ipsec-isakmp

set peer xxxxxxxx

set transform-set vpn-transform

match address 107

crypto map vpnclient 2 ipsec-isakmp

set peer xxxxxxxxx

set transform-set vpn-transform

match address 109


crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap





interface Loopback0

no ip address


interface Ethernet0

ip address

ip nat inside

no ip mroute-cache

hold-queue 100 out


interface ATM0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

pvc 0/33

encapsulation aal5mux ppp dialer

dialer pool-member 1



dsl operating-mode auto

hold-queue 224 in


interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

no ip route-cache

no ip mroute-cache

dialer pool 1

ppp authentication chap

ppp chap hostname xxxxxxxxxxxxxxx

ppp chap password xxxxxxxxxxxxxxx

crypto map clientmap


ip local pool ippool

ip nat inside source route-map nonat interface Dialer0 overload

ip nat inside source static tcp 110 110 extendabl


ip nat inside source static tcp 80 80 extendable

ip nat inside source static tcp 25 25 extendable

ip nat inside source static tcp 1352 1352 extenda


ip classless

ip route Dialer0

no ip http server

ip pim bidir-enable



access-list 101 deny ip

access-list 101 permit ip any

access-list 107 permit ip

access-list 107 permit ip

access-list 109 permit ip

access-list 109 permit ip


route-map nonat permit 1

match ip address 101



line con 0

stopbits 1

line vty 0 4

password xxxxxxxxxxxxxxxxxx


scheduler max-task-time 5000



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jfrahim Thu, 05/23/2002 - 12:25
User Badges:
  • Cisco Employee,

Are you able to map the drives via the ip address?

Mapping the drives typically use WINS server for name resolution rather than dns server


cviolero Mon, 05/27/2002 - 03:53
User Badges:

Yes, I use the ip address but I can´t use the lan resources

Anyboy can help me ¿¿¿


j.antunes Mon, 05/27/2002 - 04:07
User Badges:

Try removing the route-map and assign the NAT command directly to the access-list as follows:

ip nat inside source list 101 interface Dialer1 overload

I had the same problem, I didn't do deep tests, but it worked for me!


This Discussion