Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EZVPN Client can PING remote hosts but can't access SMB shares

I've recently created a VPN configuration on a 1721-K9 router running IOS (C1700-ADVSECURITYK9-M), Version 12.4(15)T7. The Windows XP SP2 client running Cisco VPN Client can connect and ping hosts on the remote LAN but can't access SMB shares or telnet to hosts. I've turned off the Windows Firewall and removed the ACL on the router's upstream interface. The VPN client is behind another 1721 with NAT. Any ideas, anyone?

Here are the relevant portions of the IOS configuration:

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

lifetime 600

crypto isakmp keepalive 20 5

crypto isakmp nat keepalive 20

crypto isakmp client configuration address-pool local VPN-pool


crypto isakmp client configuration group VPN-group

key groupkey

dns dns1.ip dns2.ip



pool VPN-pool

acl 150


access-list 150 permit ip


crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac


crypto dynamic-map dynmap 1

set transform-set transform-1



crypto map dynmap isakmp authorization list VPM-group

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap


crypto ctcp port 10000


log config



interface Loopback0

ip address


interface FastEthernet0

description configuration setup IP

ip address

ip nat inside

ip virtual-reassembly

speed auto

no cdp enable


interface Serial0

bandwidth 1540

ip address serial.ip

ip nat outside

ip virtual-reassembly

no fair-queue

no cdp enable

crypto map dynmap


ip local pool VPN-pool


ip route Serial0


ip nat inside source list 1 interface Serial0 overload

ip nat inside source static public.113

ip nat inside source static public.114

ip nat inside source static public.115

ip nat inside source static public.116


access-list 1 permit