Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EZVPN Client can PING remote hosts but can't access SMB shares

I've recently created a VPN configuration on a 1721-K9 router running IOS (C1700-ADVSECURITYK9-M), Version 12.4(15)T7. The Windows XP SP2 client running Cisco VPN Client 5.0.04.033 can connect and ping hosts on the remote LAN but can't access SMB shares or telnet to hosts. I've turned off the Windows Firewall and removed the ACL on the router's upstream interface. The VPN client is behind another 1721 with NAT. Any ideas, anyone?

Here are the relevant portions of the IOS configuration:

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

lifetime 600

crypto isakmp keepalive 20 5

crypto isakmp nat keepalive 20

crypto isakmp client configuration address-pool local VPN-pool

!

crypto isakmp client configuration group VPN-group

key groupkey

dns dns1.ip dns2.ip

wins 10.0.1.250

domain domain.com

pool VPN-pool

acl 150

!

access-list 150 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255

!

crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 1

set transform-set transform-1

reverse-route

!

crypto map dynmap isakmp authorization list VPM-group

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

!

crypto ctcp port 10000

archive

log config

hidekeys

!

interface Loopback0

ip address 10.0.2.1 255.255.255.0

!

interface FastEthernet0

description configuration setup IP

ip address 10.0.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

speed auto

no cdp enable

!

interface Serial0

bandwidth 1540

ip address serial.ip 255.255.255.252

ip nat outside

ip virtual-reassembly

no fair-queue

no cdp enable

crypto map dynmap

!

ip local pool VPN-pool 10.0.2.2 10.0.2.254

!

ip route 0.0.0.0 0.0.0.0 Serial0

!!

ip nat inside source list 1 interface Serial0 overload

ip nat inside source static 10.0.1.208 public.113

ip nat inside source static 10.0.1.249 public.114

ip nat inside source static 10.0.1.250 public.115

ip nat inside source static 10.0.1.77 public.116

!

access-list 1 permit 10.0.1.0 0.0.0.255

149
Views
0
Helpful
0
Replies