
VPN Client for Public Internet on a Stick

Hi,

I've implemented "the Router and VPN Client for Public Internet on a Stick Configuration Example" (http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml). I've added these lines to my 878 router config. I connect from a remote site with the Cisco VPN client. From the VPN client, the situation is:

- Full access to hosts on Internet = OK

- Can PING hosts at the router site (192.168.2.0)

- Have no access to hosts at the router site (192.168.2.0) = NOK

I've added these lines to my 877 configuration. At this time, firewall not activated.

aaa new-model
!
aaa authentication login userauthen local
!
aaa authorization network groupauthor local
!
aaa session-id common
username ... password 0 ...
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group ?
 key ?
 dns 192.168.2.110
 pool ippool
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
interface Dialer1
 ip nat outside
 ip policy route-map VPN-Client
 crypto map clientmap
ip local pool ippool 192.168.4.1 192.168.4.20
ip nat inside source list 102 interface Dialer1 overload
access-list 102 permit ip any any
access-list 144 permit ip 192.168.4.0 0.0.0.255 any
route-map VPN-Client permit 10
 match ip address 144
 set interface Loopback0

Any idea how to solve the 3rd point? All the VPN traffic is set to the loopback interface. Do I have to modify the route-map to set only the external traffic on this interface?

Kind regards,

Guy

1 REPLY

Re: VPN Client for Public Internet on a Stick

Probably. Check the network list on the VPN server to see whether it is properly configured in such a way that the network 192.168.2.0 is allowed.
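To see which flows the ACLs in the posted configuration actually select, here is an added example (not part of the thread, and not Cisco code) that evaluates IOS-style wildcard-mask ACLs over a few constructed packets. The `HYPOTHETICAL` list is an assumed narrower ACL 144 corresponding to the question about sending only external traffic to Loopback0; it is not a fix confirmed anywhere on this page, and 198.51.100.7 is a constructed Internet address.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST'; SRC/DST is 'any' or 'addr wildcard'."""
    acls = {}
    for line in lines:
        tok = line.split()
        num, action, rest = tok[1], tok[2], tok[4:]
        specs = []
        while rest:
            if rest[0] == "any":
                specs.append((0, 0xFFFFFFFF))          # every bit is "don't care"
                rest = rest[1:]
            else:
                specs.append((_ip(rest[0]), _ip(rest[1])))
                rest = rest[2:]
        acls.setdefault(num, []).append((action, specs[0], specs[1]))
    return acls

def _hit(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are ignored; all remaining bits must equal the base.
    return (_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def acl_permits(acls, num, src, dst):
    for action, s, d in acls.get(num, []):             # first matching entry wins
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False                                       # implicit deny at the end

def classify(acls, src, dst):
    """ACL 144 feeds route-map VPN-Client; ACL 102 feeds the NAT overload rule."""
    return {"policy_routed_to_Loopback0": acl_permits(acls, "144", src, dst),
            "matches_nat_acl_102": acl_permits(acls, "102", src, dst)}

# ACLs exactly as posted in the question.
POSTED = ["access-list 102 permit ip any any",
          "access-list 144 permit ip 192.168.4.0 0.0.0.255 any"]
# Assumption for illustration only: exempt pool-to-LAN traffic from the route-map.
HYPOTHETICAL = ["access-list 102 permit ip any any",
                "access-list 144 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255",
                "access-list 144 permit ip 192.168.4.0 0.0.0.255 any"]

if __name__ == "__main__":
    # Constructed flows: VPN pool client to the LAN DNS server and to an Internet host.
    for name, rules in (("posted", POSTED), ("hypothetical", HYPOTHETICAL)):
        for dst in ("192.168.2.110", "198.51.100.7"):
            print(name, dst, classify(parse_acl(rules), "192.168.4.5", dst))
```

With the posted ACLs, a pool client's traffic to 192.168.2.110 is selected by the route-map exactly like its Internet traffic; whether NAT is then applied also depends on interface roles the post does not fully show.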
