Cisco Support Community

VPN Client for Public Internet on a Stick


I've implemented "the Router and VPN Client for Public Internet on a Stick Configuration Example" ( I've added these lines to my 878 router config. I connect from a remote site with Cisco VPN client. From the VPN client, the situation is:

- Full access to hosts on Internet = OK

- Can PING hosts at the router site (

- Have no access to hosts at the router site ( = NOK

I've added these lines to my 877 configuration. At this time, firewall not activated.

aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common

username ... password 0 ...

crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2

crypto isakmp client configuration group ?
 key ?
 pool ippool

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10
 set transform-set myset

crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap

interface Loopback0
 ip address
 ip nat inside
 ip virtual-reassembly

interface Dialer1
 ip nat outside
 ip policy route-map VPN-Client
 crypto map clientmap

ip local pool ippool

ip nat inside source list 102 interface Dialer1 overload

access-list 102 permit ip any any
access-list 144 permit ip any

route-map VPN-Client permit 10
 match ip address 144
 set interface Loopback0

Any idea to solve the 3rd point? All the VPN traffic is set to the loopback interface. Do I have to modify the route-map to set only the external traffic on this interface?

Kind regards,



Re: VPN Client for Public Internet on a Stick

Probably. Check the network list in the VPN server to see whether it is properly configured in such a way that the network is allowed.
