seeking advice on vpnclient accessing lan server

Hi guys,

I would like to seek some advice on my network setup.

pc running vpnclient (10.0.1.2)
|
<internet>
|
(int e0/0 dynamic ip)
Cisco 2611 (NAT and VPN server)
(int e0/1 10.0.0.1/24)
|
<ethernet>
|
server (10.0.0.100/24)

With regard to the setup above, currently from my PC vpnclient I cannot access my server, though my VPN connection is set up successfully.

Could someone please enlighten me on how to troubleshoot this? Thanks in advance.

Below are the relevant parts of my config:

!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group MYGROUP
 key VPNKEY
 domain vpn.xxx.com
 pool vpnpool
 acl vpnpool
!
crypto ipsec transform-set ESP-3DES esp-3des esp-sha-hmac
!
crypto dynamic-map CRYPTO_MAP 1
 set security-association lifetime seconds 86400
 set transform-set ESP-3DES
 reverse-route
!
crypto map CRYPTO_MAP client authentication list authenList
crypto map CRYPTO_MAP isakmp authorization list authorList
crypto map CRYPTO_MAP client configuration address respond
crypto map CRYPTO_MAP 20 ipsec-isakmp dynamic CRYPTO_MAP
!
interface Ethernet0/0
 ip address dhcp
 ip access-group OUTSIDEACL in
 ip nat outside
 ip inspect FW out
 half-duplex
 no cdp enable
 crypto map CRYPTO_MAP
!
interface Ethernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 full-duplex
 no cdp enable
ip access-list extended OUTSIDEACL
 deny icmp any any
 permit tcp any any eq 22
 permit tcp any any eq 25421
 permit tcp any any eq 8022
 permit tcp any any eq 9022
 permit tcp any any eq 8080
 permit udp any eq isakmp any eq isakmp
 permit esp any any
 deny tcp any any
 permit udp any eq ntp any
 permit udp any eq bootps any
 deny udp any any
 deny ip any any
ip access-list extended vpnpool
 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255

2 REPLIES

Re: seeking advice on vpnclient accessing lan server

Hi

You have missed posting the IP pool, and you are also trying to create an IPsec tunnel with dynamic IPs on both sides, which I feel is not a generic thing to do.

Regards

Re: seeking advice on vpnclient accessing lan server

hi kumar, thanks for pointing that out.

here's the ip pool

ip local pool vpnpool 10.0.0.103 10.0.0.105

As for dynamic IPs, I think it should be alright because the IP on my router changes very, very infrequently (almost static).

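Added example, not part of the thread or any poster's code: a small Python consistency check over the configuration lines posted above. It compares the `ip local pool` range with the router's interface subnets and with the networks in the ACL that the client group references; the function names and finding labels are assumptions made for this example.

```python
import ipaddress
import re

# Constructed input: a subset of lines from the configuration posted in the thread.
CONFIG = """\
crypto isakmp client configuration group MYGROUP
 pool vpnpool
 acl vpnpool
interface Ethernet0/1
 ip address 10.0.0.1 255.255.255.0
ip local pool vpnpool 10.0.0.103 10.0.0.105
ip access-list extended vpnpool
 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
"""

def net(addr, mask):
    # ipaddress accepts netmasks and IOS wildcard (host) masks after "/"
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Flag pools inside an interface subnet and ACL networks with no addresses."""
    pools = {n: (ipaddress.ip_address(a), ipaddress.ip_address(b)) for n, a, b in
             re.findall(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M)}
    lans = [net(a, m) for a, m in
            re.findall(r"^[ \t]+ip address (\d\S*) (\d\S*)", config, re.M)]
    acls, current, findings = {}, None, []
    for line in config.splitlines():
        head = re.match(r"ip access-list extended (\S+)", line)
        # Only "permit ip <net> <wildcard> <net> <wildcard>" rules are parsed here.
        rule = re.match(r"\s+permit ip (\d\S*) (\d\S*) (\d\S*) (\d\S*)", line)
        if head:
            current = acls.setdefault(head[1], set())
        elif rule and current is not None:
            current.update({net(rule[1], rule[2]), net(rule[3], rule[4])})
        elif not line.startswith(" "):
            current = None
    group_re = r"^crypto isakmp client configuration group \S+\n((?:[ \t].*\n)+)"
    for body in re.findall(group_re, config, re.M):
        pool, acl = (re.search(rf"^\s+{k} (\S+)", body, re.M) for k in ("pool", "acl"))
        if not (pool and acl and pool[1] in pools):
            continue
        first, last = pools[pool[1]]
        findings += [("pool-inside-interface-subnet", pool[1], str(l))
                     for l in lans if first in l or last in l]
        for n in sorted(acls.get(acl[1], ()), key=str):
            if not (first in n or last in n or any(n.overlaps(l) for l in lans)):
                findings.append(("acl-network-without-addresses", acl[1], str(n)))
    return findings

if __name__ == "__main__":
    print(audit(CONFIG))
```

On the posted lines it reports that the pool 10.0.0.103-10.0.0.105 sits inside the Ethernet0/1 subnet 10.0.0.0/24, and that 10.0.1.0/24, the network used in the ACL and in the diagram for the client, is not covered by the pool or by any configured interface.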