Cisco Support Community

New Member

VPN Client 3.x with Cisco 831

I'm trying to set up VPN. This is our setup



I have setup Router C as a VPN router so users using the internal wireless network can access our internal LAN via VPN. VPN connection is established using cisco client 3.x, however the laptop is not able to ping any internal host nor access the internet. Here is an ex. of my config

aaa new-model

aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
no ip domain lookup
ip domain name x.x.x.x.x
ip dhcp excluded-address x.x.x.x.x

ip dhcp pool SERVER
 network x.x.x.x.x.0
 domain-name x.x.x.x.x
 dns-server x.x.x.x.x x.x.x.x.x
 default-router x.x.x.x.x
 lease infinite

ip audit notify log
ip audit po max-events 100

crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2

crypto isakmp client configuration group VPN-GROUP
 key password
 dns x.x.x.x.x x.x.x.x.x
 pool ippool
 acl 108

!crypto ipsec transform-set myset esp-3des esp-sha-hmac

crypto dynamic-map dynmap 10
 set transform-set myset

crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap

interface Ethernet0
 ip address x.x.x.x.x
 no cdp enable
 hold-queue 100 out

interface Ethernet1
 ip address x.x.x.x.x
 crypto map clientmap

ip local pool ippool x.x.x.x.x.100 x.x.x.x.x.110
ip classless
ip route x.x.x.x.x
ip route x.x.x.x.x x.x.x.x.x
ip route x.x.x.x.x x.x.x.x.x
ip route x.x.x.x.x x.x.x.x.x
ip route x.x.x.x.x x.x.x.x.x
no ip http server

!ip access-list extended inacl

access-list 108 permit ip x.x.x.x. x.x.x.x.

Without VPN, users can access internet and the LAN, however we would prefer to use the VPN for more security. Any suggestions?

Thank you.

Cisco Employee

Re: VPN Client 3.x with Cisco 831

It's a little hard to tell from your config, but you say that it works without the VPN. Once the VPN packets are unencrypted and placed on the internal network, the only difference between them and a non-encrypted packet will be the source address. The VPN packets will look like they've come from an address in your VPN pool (x.x.x.x.x.100 x.x.x.x.x.110), so you need to make sure that RouterB and the PIX have routes for these hosts that eventually point back to RouterC. To get through to the Internet also, the PIX will need a static or a nat/global pair that references this pool of addresses also.
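The return-path check described in the reply above, as an added example that is not part of the original thread: it follows a reply toward each VPN pool address hop by hop using longest-prefix match and reports any device whose path never reaches RouterC, plus a PIX NAT source list that misses the pool. All addresses, the 192.168.50.96/28 pool prefix, the next-hop layout (PIX behind RouterB) and the function names are constructed assumptions, since the thread's addresses are redacted and its diagram is missing.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def reply_path(tables, start, dst, max_hops=8):
    """Devices a reply to dst traverses, starting at `start`."""
    path, device = [start], start
    while device in tables and len(path) <= max_hops:  # guard against loops
        device = next_hop(tables[device], dst)
        path.append(device)
    return path

def audit_pool(tables, pix_nat_sources, pool, vpn_router="RouterC"):
    """Findings for devices that cannot return traffic to the VPN pool."""
    findings = []
    for device in tables:
        if device == vpn_router:
            continue
        for addr in pool:
            path = reply_path(tables, device, addr)
            if vpn_router not in path:
                hops = " -> ".join(map(str, path))
                findings.append(f"{device}: reply to {addr} goes {hops}")
                break  # one finding per device is enough
    nets = [ipaddress.ip_network(n) for n in pix_nat_sources]
    missed = [a for a in pool
              if not any(ipaddress.ip_address(a) in n for n in nets)]
    if missed:
        findings.append(f"PIX: no nat/static covers {missed[0]}..{missed[-1]}")
    return findings

# Constructed sample data: pool .100-.110 as in the thread, prefix assumed.
POOL = [f"192.168.50.{i}" for i in range(100, 111)]
BEFORE = {
    "RouterB": [("0.0.0.0/0", "PIX"), ("10.1.0.0/16", "lan")],
    "PIX": [("0.0.0.0/0", "internet"), ("10.1.0.0/16", "RouterB")],
    "RouterC": [("192.168.50.96/28", "vpn-client")],
}
AFTER = {  # same tables with the pool routed back toward RouterC
    "RouterB": BEFORE["RouterB"] + [("192.168.50.96/28", "RouterC")],
    "PIX": BEFORE["PIX"] + [("192.168.50.96/28", "RouterB")],
    "RouterC": BEFORE["RouterC"],
}
NAT_BEFORE, NAT_AFTER = ["10.1.0.0/16"], ["10.1.0.0/16", "192.168.50.96/28"]
```

In the BEFORE tables, replies to pool addresses follow the default route out through the PIX instead of returning to RouterC, which matches the symptom of an established tunnel that passes no traffic.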