New Member

Problem with vpn client

I have 4 lines aggregated on a 7200 router (see the attached diagram). I have 128 public IP addresses available.

On the GigabitEthernet 0/2 interface I have configured one of the public IP addresses, and I have connected a switch to it.

Connected to the switch I have a 2810 router with another public IP address.

I have to configure a VPN for a remote PC connected to the Internet through a modem and without a static IP address.

I have tried the configuration that I have written below. If I try to connect to the public IP address of the 2810 router, the configuration works.

With the same configuration, if I connect to the 7200 router it doesn't allow me the connection; if I connect from PC1 (with one of the 128 available IP addresses) then it works.

How can I connect to the 7200 router directly? What do I have to add to the configuration?

Thanks for the help

Attached is the configuration I used, taken from a Cisco document.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service internal

!

hostname Cisco

Cisco Systems, Inc.

All contents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

Page 6 of 9

!

aaa new-model

!

!

aaa authentication login userlist local

aaa authorization network hw-client-groupname local

aaa session-id common

enable password cisco

!

username cisco password 0 xxxxxx

memory-size iomem 15

clock timezone - 0 6

ip subnet-zero

no ip source-route

!

!

ip domain-name cisco.com

!

ip audit notify log

ip audit po max-events 100

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration address-pool local dynpool

!

crypto isakmp client configuration group hw-client-groupname

key hw-client-password

dns 30.30.x.x.30.30.11

wins 30.x0.30.x.30.30.13

domain cisco.com

pool dynpool

!

!

crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 1

set transform-set transform-1

reverse-route

!

!

crypto map dynmap client authentication list userlist

crypto map dynmap isakmp authorization list hw-client-groupname

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

!

!

interface Ethernet0/0

description connected to INTERNET

ip address 20.20.x.x.255.255.0

half-duplex

no cdp enable

crypto map dynmap

!

interface FastEthernet0/0

description connected to HQ LAN

ip address 30.30.x.x.255.255.0

speed auto

no cdp enable

!

ip local pool dynpool 30.30.x.x.30.30.30

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet0/0

no ip http server

ip pim bidir-enable

!

!

no cdp run

!

line con 0

line aux 0

line vty 0 4

password xxxxxxxxxx

!

end

2 REPLIES
Silver

Re: Problem with vpn client

Your cryptomap is missing the ACL to match traffic. The crypto-map won't be considered complete until you set an ACL!

Please let me know how it goes,

Regards,
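
An added example, not part of the thread or of the Cisco document the configuration came from: a small Python check that reads a pasted IOS configuration like the one in the question and reports which interfaces carry a crypto map, whether each dynamic-map entry has a `match address` line (the point raised in the reply), and which lines store credentials in cleartext or use deprecated IKE parameters. The function name `audit` and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt of the configuration posted above (addresses left out).
SAMPLE = """\
no service password-encryption
enable password cisco
username cisco password 0 xxxxxx
crypto isakmp policy 1
encr 3des
group 2
!
crypto dynamic-map dynmap 1
set transform-set transform-1
!
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
interface Ethernet0/0
crypto map dynmap
!
interface FastEthernet0/0
speed auto
!
line vty 0 4
password xxxxxxxxxx
"""

HEADERS = ("interface ", "crypto isakmp policy ", "crypto dynamic-map ", "line ")
WEAK = {"encr des": "DES", "encr 3des": "3DES", "group 1": "768-bit DH", "group 2": "1024-bit DH"}
CLEARTEXT = re.compile(r"(enable password|username \S+ password 0|password) (?![57] )")

def audit(config):
    """Return (findings, attached, dyn_match) for a flattened or indented IOS config."""
    findings, attached, dyn_match, section = [], {}, {}, ""
    for line in (raw.strip() for raw in config.splitlines()):
        applied = re.fullmatch(r"crypto map (\S+)", line)
        if applied and section.startswith("interface "):
            attached.setdefault(applied.group(1), []).append(section.split()[1])
        elif line == "!" or line.startswith(HEADERS) or line.startswith("crypto "):
            section = line if line.startswith(HEADERS) else ""  # sub-commands belong to this header
            if section.startswith("crypto dynamic-map "):
                dyn_match[" ".join(line.split()[2:4])] = False
        elif section.startswith("crypto dynamic-map ") and line.startswith("match address"):
            dyn_match[" ".join(section.split()[2:4])] = True
        elif section.startswith("crypto isakmp policy ") and line in WEAK:
            findings.append(f"{section}: {line} ({WEAK[line]}, deprecated)")
        cred = CLEARTEXT.match(line)
        if cred:  # report the command only, never the secret itself
            findings.append(f"cleartext credential: {cred.group(1)}")
    return findings, attached, dyn_match
```

Calling `audit(SAMPLE)` shows the map `dynmap` attached only to `Ethernet0/0`, so a comparison with the 7200 should start with which interface there carries the `crypto map` line.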
