Cisco Support Community

EasyVPN woes

Hey all,

I have EasyVPN set up for network extension mode between my site and a remote site. This is what it looks like in a nutshell.

My End
Router
=
=  VPN Tunnel
=      Internet
=     /
=    /
=   /
Remote PIX501
:
:
:
Remote Router
:
:
Remote LAN

As you can see the remote site's internet and vpn tunnel are from the same interface on the pix.

Basically when the Local LAN is connected directly to the PIX, internet fails but the vpn tunnel works. If the router is added, nothing works. However, if I bring down the vpn tunnel and the router is added, then internet works fine.

Here is the config I had them input at the remote PIX501:

vpnclient server [my public interface]
vpnclient mode network-extension-mode
vpnclient vpngroup groupname password blahblah
vpnclient username someuser password blahblah

Here is the current config of my router:

aaa new-model
!
!
aaa authentication login localuser local
aaa authorization network NSSOLVPN local
!
aaa session-id common
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
!
no ip dhcp use vrf connected
!
!
!
!
username [snip] password 7 [snip]
username [snip] password 7 [snip]
!
!
controller T3 1/0
 cablelength 10
 description MCI DS3 W0M95313
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp keepalive 90 12
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group vpngroup
 key [snip]
 dns 192.168.x.x 192.168.x.x
 wins 192.168.x.x 192.168.x.x
 pool vpn-pool
 acl 104
 save-password
!
!
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set TRANSFORM-1
 reverse-route
!
!
crypto map dynmap client authentication list localuser
crypto map dynmap isakmp authorization list vpngroup
crypto map dynmap client configuration address respond
crypto map dynmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface Serial1/0
 bandwidth 44210
 ip address mypublicinterface 255.255.255.252
 ip verify unicast reverse-path
 ip virtual-reassembly
 rate-limit input access-group 102 3000000 562500 1125000 conform-act
e exceed-action drop
 rate-limit input access-group 105 3000000 562500 1125000 conform-act
e exceed-action drop
 encapsulation ppp
 ip route-cache flow
 keepalive 8 3
 dsu bandwidth 6316
 scramble
 crypto map dynmap
!
ip local pool vpn-pool 192.168.1.150 192.168.1.160
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
!
ip http server
ip http secure-server
!
!
logging trap debugging
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 104 permit ip remotesiteiprange 0.0.0.255 localdmziprange 0.0.0.255
snmp-server ifindex persist
!

I asked them to change their default gateway of their machines to point to their router and then the router's default gateway to the PIX. Same problem. :(
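An Easy VPN server config like the one posted above ties together several named objects (AAA lists, address pool, split-tunnel ACL, transform set, dynamic map), and a name that is referenced but never defined is easy to miss by eye. The following is an added example, not part of the original post or of any Cisco tool: a small Python check for such dangling references. `SAMPLE_CONFIG` is constructed from the cross-referencing lines of the posted config, and the function and table names are hypothetical; it assumes sub-commands are indented as in `show running-config` output.

```python
import re

# Constructed sample: the cross-referencing lines of the router config posted above.
SAMPLE_CONFIG = """\
aaa authentication login localuser local
aaa authorization network NSSOLVPN local
crypto isakmp client configuration group vpngroup
 pool vpn-pool
 acl 104
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set TRANSFORM-1
crypto map dynmap client authentication list localuser
crypto map dynmap isakmp authorization list vpngroup
crypto map dynmap 10 ipsec-isakmp dynamic dynmap
ip local pool vpn-pool 192.168.1.150 192.168.1.160
access-list 104 permit ip remotesiteiprange 0.0.0.255 localdmziprange 0.0.0.255
"""

# (kind, regex for the line that defines a name, regex for a line that uses it)
CHECKS = [
    ("AAA login list", r"^aaa authentication login (\S+)",
     r"^crypto map \S+ client authentication list (\S+)"),
    ("AAA network authorization list", r"^aaa authorization network (\S+)",
     r"^crypto map \S+ isakmp authorization list (\S+)"),
    ("local address pool", r"^ip local pool (\S+)", r"^\s+pool (\S+)"),
    ("access list", r"^access-list (\d+)", r"^\s+acl (\S+)"),
    ("transform set", r"^crypto ipsec transform-set (\S+)",
     r"^\s+set transform-set (\S+)"),
    ("dynamic map", r"^crypto dynamic-map (\S+)",
     r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
]

def find_dangling_references(config):
    """Return (kind, name, line) for each name that is used but never defined."""
    lines = config.splitlines()
    findings = []
    for kind, define_re, use_re in CHECKS:
        defined = {m.group(1) for l in lines if (m := re.match(define_re, l))}
        for l in lines:
            m = re.match(use_re, l)
            if m and m.group(1) not in defined:
                findings.append((kind, m.group(1), l.strip()))
    return findings

if __name__ == "__main__":
    for kind, name, line in find_dangling_references(SAMPLE_CONFIG):
        print(f"undefined {kind} '{name}' referenced by: {line}")
```

On the sample it reports one finding: the crypto map's ISAKMP authorization list `vpngroup` has no matching `aaa authorization network` line, since the only list defined is `NSSOLVPN`. Whether that mismatch exists on the real router or came from sanitizing the post cannot be told from the page.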

1 REPLY
Anonymous

Re: EasyVPN woes

Easy VPN greatly simplifies virtual private network (VPN) deployment for remote offices and teleworkers. For more details regarding the configuration of Easy VPN follow the url,

http://www.cisco.com/en/US/products/ps6659/products_ios_protocol_option_home.html
