cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
240
Views
0
Helpful
1
Replies

easy vpn problem

melvynbrown
Level 1
Level 1

can anybody help i have set up a small lab at home to practice vpns ordinary

site to site and easy vpn server/client networks using network extension mode

all work fine but have hit a snag when setting up a easy vpn server/client network

using client mode,Due to the lack of any configuration examples i have set it

up using the configs below but the bottom line is that it fails to work all i get

when trying to make a connection from a computer at the client end to a server at

server end is the led's on the client firewall flicker for a few seconds but no

connection is established can some one please look at the configs below and tell me

wether or not i have it set up correctly.

regards

Melvyn Brown

515 EASY VPN SERVER running o/s 7.04

interface ethernet0

nameif outside

ip address 192.168.2.1 255.255.255.0

speed 100

duplex full

no shut

interface ethernet1

nameif inside

ip address 192.168.5.1 255.255.255.0

speed 100

duplex full

no shut

nat (inside) 1 0 0

global (outside) 1 interface

route outside 0 0 192.168.2.2

access-list 101 permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 102 permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list 101

username cisco password password

sysopt connection permit-ipsec

crypto ipsec transform-set crypto1 esp-3des esp-md5-hmac

crypto dynamic-map dynomap 20 set transform-set crypto1

crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap

crypto map vpnpeer interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

group-policy training internal

group-policy training attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value 102

tunnel-group training type ipsec-ra

tunnel-group training general-attributes

default-group-policy training

tunnel-group training ipsec-attributes

pre-shared-key cisco

501 EASY VPN CLIENT running os 6.3

interface ethernet0 100full

ip address outside 192.168.2.2 255.255.255.0

interface ethernet1 100full

ip address inside 192.168.1.1 255.255.255.0

nat (inside) 1 0 0

global (outside) 1 interface

route outside 0 0 192.168.2.1

dhcpd dns 192.168.5.2

dhcpd domain acme.com

dhcpd address 192.168.1.2-192.168.1.20 inside

dhcpd enable inside

vpnclient server 192.168.2.1

vpnclient mode client-mode

vpnclient vpngroup training password cisco

vpnclient username cisco password password

vpnclient enable

1 Reply 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: