Can anybody help? I have set up a small lab at home to practice VPNs: ordinary
site-to-site and Easy VPN server/client networks using network extension mode.
All work fine, but I have hit a snag when setting up an Easy VPN server/client
network using client mode. Due to the lack of any configuration examples, I have
set it up using the configs below, but the bottom line is that it fails to work.
All I get when trying to make a connection from a computer at the client end to a
server at the server end is that the LEDs on the client firewall flicker for a few
seconds, but no connection is established. Can someone please look at the configs
below and tell me whether or not I have it set up correctly?

Regards,
Melvyn Brown

515 EASY VPN SERVER running o/s 7.04

interface ethernet0
 nameif outside
 ip address 192.168.2.1 255.255.255.0
 speed 100
 duplex full
 no shut
interface ethernet1
 nameif inside
 ip address 192.168.5.1 255.255.255.0
 speed 100
 duplex full
 no shut
nat (inside) 1 0 0
global (outside) 1 interface
route outside 0 0 192.168.2.2
access-list 101 permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 102 permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 101
username cisco password password
sysopt connection permit-ipsec
crypto ipsec transform-set crypto1 esp-3des esp-md5-hmac
crypto dynamic-map dynomap 20 set transform-set crypto1
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
crypto map vpnpeer interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
group-policy training internal
group-policy training attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 102
tunnel-group training type ipsec-ra
tunnel-group training general-attributes
 default-group-policy training
tunnel-group training ipsec-attributes
 pre-shared-key cisco

501 EASY VPN CLIENT running os 6.3

interface ethernet0 100full
ip address outside 192.168.2.2 255.255.255.0
interface ethernet1 100full
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0 0
global (outside) 1 interface
route outside 0 0 192.168.2.1
dhcpd dns 192.168.5.2
dhcpd domain acme.com
dhcpd address 192.168.1.2-192.168.1.20 inside
dhcpd enable inside
vpnclient server 192.168.2.1
vpnclient mode client-mode
vpnclient vpngroup training password cisco
vpnclient username cisco password password
vpnclient enable