
Problem with vpn client

I have 4 lines aggregated on a 7200 router (see attached scheme). I have 128 public IP addresses available.

On interface GigabitEthernet 0/2 I have configured one of the public IP addresses, and I have connected a switch to it.

Connected to the switch I have a 2810 router with another public IP address.

I have to configure a VPN for a remote PC that is connected to the Internet through a modem and has no static IP address.

I have tried the configuration shown below. If I try to connect to the public IP address of the 2810 router, the configuration works.

With the same configuration, if I connect to the 7200 router, it does not allow the connection; if I connect from pc1 (which has one of the 128 available IP addresses), then it works.

How can I connect to the router 7200 directly? What do I have to add to the configuration?

Thanks for the help

Attached is the configuration I used, taken from a Cisco document.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service internal


hostname Cisco

Cisco Systems, Inc.

All contents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.



aaa new-model



aaa authentication login userlist local

aaa authorization network hw-client-groupname local

aaa session-id common

enable password cisco


username cisco password 0 xxxxxx

memory-size iomem 15

clock timezone - 0 6

ip subnet-zero

no ip source-route



ip domain-name


ip audit notify log

ip audit po max-events 100


crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration address-pool local dynpool


crypto isakmp client configuration group hw-client-groupname

key hw-client-password

dns 30.30.x.x.30.30.11

wins 30.x0.30.x.30.30.13


pool dynpool



crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac


crypto dynamic-map dynmap 1

set transform-set transform-1




crypto map dynmap client authentication list userlist

crypto map dynmap isakmp authorization list hw-client-groupname

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap



interface Ethernet0/0

description connected to INTERNET

ip address 20.20.x.x.255.255.0


no cdp enable

crypto map dynmap


interface FastEthernet0/0

description connected to HQ LAN

ip address 30.30.x.x.255.255.0


speed auto

no cdp enable


ip local pool dynpool 30.30.x.x.30.30.30

ip classless

ip route Ethernet0/0

no ip http server

ip pim bidir-enable



no cdp run


line con 0

line aux 0

line vty 0 4

password xxxxxxxxxx




Re: Problem with vpn client

Your cryptomap is missing the ACL to match traffic. The crypto-map won't be considered complete until you set an ACL!

Please let me know how it goes,
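
The check the reply describes (whether each crypto map entry carries an ACL, and on which interface the map is applied) can be run against a pasted configuration with a small parser. This is an added example, not part of the original thread and not a Cisco tool; `sections` and `audit_crypto_maps` are hypothetical names, and the sample is constructed from the crypto lines posted above, assuming IOS sub-commands are indented by one space.

```python
import re

# Constructed sample: crypto lines from the post, IOS indentation restored (assumption).
SAMPLE = """\
crypto dynamic-map dynmap 1
 set transform-set transform-1
!
crypto map dynmap client authentication list userlist
crypto map dynmap isakmp authorization list hw-client-groupname
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
interface Ethernet0/0
 description connected to INTERNET
 crypto map dynmap
!
interface FastEthernet0/0
 description connected to HQ LAN
"""

def sections(text):
    """Split an IOS config into [header, [indented sub-commands]] pairs."""
    out = []
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        else:
            out.append([line.strip(), []])
    return out

def audit_crypto_maps(text):
    """Per crypto map entry: the ACLs it matches on and the interfaces it is applied to."""
    dyn_acls, entries, applied = {}, [], {}
    for header, body in sections(text):
        acls = [b.split()[2] for b in body if b.startswith("match address ")]
        if m := re.fullmatch(r"crypto dynamic-map (\S+) (\d+)", header):
            dyn_acls.setdefault(m.group(1), []).extend(acls)
        elif m := re.fullmatch(r"crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?", header):
            entries.append((m.group(1), int(m.group(2)), m.group(3), acls))
        elif header.startswith("interface "):
            for b in (b for b in body if b.startswith("crypto map ")):
                applied.setdefault(b.split()[2], []).append(header.split()[1])
    # A dynamic entry reports the ACLs of the dynamic-map it references.
    return [{"map": n, "seq": s, "dynamic": d,
             "acls": dyn_acls.get(d, []) if d else a,
             "interfaces": applied.get(n, [])} for n, s, d, a in entries]
```

An empty `acls` list for an entry means no `match address` line was found for it in the parsed text.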

