02-11-2007 04:47 AM - edited 02-21-2020 02:51 PM
Hi,
I've a 1721 Cisco router with one ADSL WIC card.
This router provides me Internet connection and NAT (DMZ servers).
Now, I need to implement with this router an Easy VPN server to provide VPN connection to clients who use Cisco VPN Client 4.8 software.
I followed the instructions step by step to enable the server but, when the wizard tells me about an address pool... I do not know.
The router has 2 FastEthernet addresses, 192.168.156.253 and 192.168.158.253 (secondary).
My LAN works with 192.168.156.x addresses.
What will the address pool be?
Best regards
heze54
02-27-2007 11:54 AM
Hi,
Here is my SDM config file.
The remote clients who connect using the remote VPN client have to connect using the tunnel and have local connection (split tunneling).
Can you change my configuration to implement this?
Is it possible to only permit this remote profile to connect to a specific IP? For example, only permit it to connect to 192.16.156.50...
Best regards
02-27-2007 03:36 PM
Edgar,
access-list 140 per ip host 192.168.156.50 192.168.50.0 0.0.0.255
crypto isakmp client configuration group serlogis
acl 140
Test this out and let me know. The above example is to provide split tunneling and also to allow only the host 192.16.156.50 to have access to the VPN client network.
Cheers
Gilbert
Rate this post, if it helps!
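Added example, not part of any post in this thread and not Cisco's code: a small Python check of what a split-tunnel ACL such as the posted ACL 140 tells the client to send through the tunnel. It assumes the usual Easy VPN behaviour that the source field of each permit entry is the network pushed to the client; `WHOLE_LAN_ACL` and the test destinations are constructed for comparison.

```python
import ipaddress

# ACL 140 exactly as posted above ("per" is the IOS abbreviation of "permit").
ACL_140 = ["access-list 140 per ip host 192.168.156.50 192.168.50.0 0.0.0.255"]
# Constructed comparison: split tunnel covering the whole 192.168.156.x LAN.
WHOLE_LAN_ACL = ["access-list 141 permit ip 192.168.156.0 0.0.0.255 any"]

def _take_addr(tokens):
    """Consume one address spec (host A | any | A WILDCARD); return (network, rest)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # A wildcard mask is the inverted netmask; non-contiguous masks raise ValueError.
    wildcard = int(ipaddress.ip_address(tokens[1]))
    netmask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}"), tokens[2:]

def split_include(acl_lines):
    """Source networks of permit entries: what the client is told to tunnel (assumption)."""
    nets = []
    for line in acl_lines:
        tok = line.split()
        # Layout: access-list <number> <action> <protocol> <source> <destination>
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        if not "permit".startswith(tok[2]):  # accepts abbreviations such as "per"
            continue
        src, _ = _take_addr(tok[4:])
        nets.append(src)
    return nets

def route_for(dest, nets):
    """'tunnel' if dest is inside a split-include network, else 'local' (outside the VPN)."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in n for n in nets) else "local"

if __name__ == "__main__":
    # Constructed destinations: the permitted host, another LAN host, an Internet address.
    for name, acl in (("ACL 140", ACL_140), ("whole LAN", WHOLE_LAN_ACL)):
        nets = split_include(acl)
        for dest in ("192.168.156.50", "192.168.156.10", "198.51.100.7"):
            print(f"{name:10} {dest:16} -> {route_for(dest, nets)}")
```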
02-28-2007 06:01 AM
Hi,
I've added these command lines to my 1721 router but it does not work.
The VPN client software reports errors connecting.
I only added these lines.
Best regards
02-28-2007 07:12 AM
Edgar,
Turn on the following debugs on the router
deb cry isa & deb cry ipsec.
If you are going to telnet to the router, please insert the command "term mon" to get the debugs to show up on the screen.
On the client, there is a tab for Log | Log Settings, can you enable everything to 1-5 and make sure you enable the Logging on the client.
Then open the window for logging.
Connect with the client and let me know what are the results.
We can troubleshoot from there.
Hope this helps.
Gilbert
02-28-2007 07:36 AM
Hi,
Today I'll send you the changed configuration, and I'll run the tests and attach the log files.
02-28-2007 08:57 AM
02-28-2007 09:37 AM
Edgar,
You need to enable debugs on the router. Thanks for the config.
"deb cry isa" and "deb cry ipsec" are the debugs that need to be enabled when the client is trying to connect.
Thanks
Gilbert
02-28-2007 10:24 AM
Hi,
I've enabled them but no debug was shown.
02-28-2007 11:32 AM
I've to delete acl 140 and the access list 140 in order to access using vpn remote client.
02-28-2007 04:03 PM
Edgar,
If that would be the case, seems like the VPN client connection is getting stuck when the split tunnel ACL is being sent over to the client.
Further, in-depth troubleshooting has to be done on this issue. Please open a TAC case and one of the engineers will be able to help you out.
Sorry Edgar, troubleshooting further with access will be the best method to figure out this issue.
Cheers,
Gilbert
03-01-2007 05:23 AM
Hi
Local LAN is enabled... Is this option a problem?
I'll try to disable it and then add your configuration and... we'll see
03-05-2007 08:32 AM
Hi,
Another problem
I have a 1721 Cisco router with one ADSL WIC installed. It has a WAN address which we want to change because our ISP needs to change ....
Using SDM, which is the best way to do it? If I change the IP using SDM, will the router change my NAT configuration from the older WAN address to the new one?
Best regards