VPN Client issue

reich.marshal · ‎01-06-2008

Hi,

I've configured our router to allow vpn client(IPSec Type , not pptp) to access our network , with cisco vpn client , connection is made successfully and authenticates but I've got two problems with it :

1)when the client authenticates in it can't see anywhere , although I've created an access list allowing them(VPN Range) to access any.

2)with IP local pool I can't assign any gateway to the users , how is it possible to assign a gateway for the remote VPN clients.

here is the main part of my config:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0

no crypto isakmp ccm

!

crypto isakmp client configuration group xxxx

key xxxxx

dns x.x.x.x

domain x.com.au

pool xpool

netmask 255.255.255.0

crypto isakmp profile VPNclient

description VPN clients profile

match identity group xnet

client authentication list clientauth

isakmp authorization list groupauthor

client configuration address respond

!

crypto ipsec transform-set x-set esp-3des esp-sha-hmac

!

crypto dynamic-map dyna-x 1

set transform-set x-set

set isakmp-profile VPNclient

!

crypto map xMap 5 ipsec-isakmp dynamic dyna-x

ip access-list extended VPN-Client

permit ip any 172.31.120.0 0.0.0.255

ajagadee · ‎01-09-2008

Do you have any NAT configured on the router. If so, have you bypassed NAT range of IP Addresses configured for the Pool xpool.

Once the VPN Client is connected, can you capture the "Show crypto ipsec sa" and post the outputs.

Regards,

Arul