Cisco Support Community

IOS VPN using VPN client = VPN and ping OK no traffic

Hi there,

I currently set up an 826 (IOS (tm) C820 Software (C820-K8OSY6-M), Version 12.2(2)T4, RELEASE SOFTWARE (fc3)) ADSL connection to an ISP using NAT. I also configured some redirections (PAT) to the mail and web server on the internal LAN. Finally, I want to add a "road warrior" using any ISP, connecting via an IPsec VPN to the internal LAN. VPN setup including key exchange finishes smoothly and I can also ping the internal systems; all standard internal to external traffic is also OK. But when I want to access systems on any IP protocol (telnet / ssh ...) I can access the internal systems. Hereby my simple config, give it a shot....

current config:

version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname a213-84-19-156
!
logging rate-limit console 10 except errors
enable secret 5 $1$y/EK$wAisMWMGiTJ/1ZFyLTg.y.
enable password XXXXXX
!
ip subnet-zero
ip domain-name adsl.xs4all.nl
ip name-server 194.109.6.66
ip name-server 194.109.9.99
!
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local ourpool
!
!
crypto ipsec transform-set vpn-transform esp-des esp-md5-hmac
!
crypto dynamic-map vpn-dynamic 10
 set transform-set vpn-transform
!
!
crypto map vpnclient client configuration address initiate
crypto map vpnclient client configuration address respond
crypto map vpnclient 10 ipsec-isakmp dynamic vpn-dynamic
!
!
!
!
interface Ethernet0
 ip address 10.124.77.250 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 no keepalive
!
interface ATM0
 no ip address
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 bundle-enable
!
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username jtel@xs4all-fast-adsl password 7 030E4F0E0A5D70
 crypto map vpnclient
!
ip local pool ourpool 10.124.78.1 10.124.78.254
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 10.124.77.55 443 <ip internet> 443 extendable
ip nat inside source static tcp 10.124.77.55 80 <ip internet> 80 extendable
ip nat inside source static tcp 10.124.77.55 22 <ip internet> 22 extendable
ip nat inside source static tcp 10.124.77.55 10000 <ip internet> 10000 extendable
ip nat inside source static tcp 10.124.77.55 25 <ip internet> 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
no ip http server
!
access-list 100 permit ip any any
access-list 105 deny ip 10.124.77.0 0.0.0.255 10.124.78.0 0.0.0.255
access-list 105 permit ip 10.124.77.0 0.0.0.255 any
access-list 105 permit ip 10.124.78.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map nonat permit 10
 match ip address 105
!
snmp-server engineID local 000000090200000427FCDCCE
snmp-server community public RO
!
line con 0
 exec-timeout 120 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password xxxxx
 login
!
scheduler max-task-time 5000
end

1 REPLY
Re: IOS VPN using VPN client = VPN and ping OK no traffic

Small typing mistake:

standard internal to external traffic also OK. But when I want to access systems on any ip protocol (telnet / ssh ...) I can not! access the internal systems. Hereby my simple config, give it a shot....

Thanks so far..
