Cisco Support Community
Community Member

Problem with vpn client

I have 4 lines aggregated on a 7200 router (see the attached diagram). I have 128 public IP addresses available.

On interface GigabitEthernet 0/2 I have configured one of the public IP addresses, and I have connected a switch to it.

Connected to the switch I have a 2810 router with another public IP address.

I have to configure a VPN for a remote PC connected to the Internet through a modem and without a static IP address.

I have tried the configuration that I have written below. If I try to connect to the public IP address of the 2810 router, the configuration works.

With the same configuration, if I connect to the 7200 router, it does not allow the connection; if I connect from PC1 (with one of the 128 available IP addresses), then it works.

How can I connect to the router 7200 directly? What do I have to add to the configuration?

Thanks for the help

Attached is the configuration I used, taken from a Cisco document.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service internal

!

hostname Cisco

!

aaa new-model

!

!

aaa authentication login userlist local

aaa authorization network hw-client-groupname local

aaa session-id common

enable password cisco

!

username cisco password 0 xxxxxx

memory-size iomem 15

clock timezone - 0 6

ip subnet-zero

no ip source-route

!

!

ip domain-name cisco.com

!

ip audit notify log

ip audit po max-events 100

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration address-pool local dynpool

!

crypto isakmp client configuration group hw-client-groupname

key hw-client-password

dns 30.30.x.x.30.30.11

wins 30.30.x.x.30.30.13

domain cisco.com

pool dynpool

!

!

crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 1

set transform-set transform-1

reverse-route

!

!

crypto map dynmap client authentication list userlist

crypto map dynmap isakmp authorization list hw-client-groupname

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

!

!

interface Ethernet0/0

description connected to INTERNET

ip address 20.x.x.x.255.255.0

half-duplex

no cdp enable

crypto map dynmap

!

interface FastEthernet0/0

description connected to HQ LAN

ip address 30.30.x.x.255.255.0

speed auto

no cdp enable

!

ip local pool dynpool 30.x.x.20 30.30.30.30

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet0/0

no ip http server

ip pim bidir-enable

!

!

no cdp run

!

line con 0

line aux 0

line vty 0 4

password xxxxxxxxxx

!

end

1 REPLY
Anonymous
N/A

Re: Problem with vpn client

The Cisco Easy VPN implements the Cisco Unity Client protocol, which simplifies configuring the detailed information on the client router because most VPN parameters are defined at the VPN remote access server. The server can be a dedicated VPN device, such as a VPN 3000 concentrator or a Cisco PIX Firewall, or a Cisco IOS router that supports the Cisco Unity Client protocol. The sample configuration uses the Cisco 1751 for the Easy VPN Server. This sample configuration uses client mode with the Movian VPN Client. In client mode, the entire Movian VPN client address undergoes NAT to the mode config IP address that the Easy VPN Server provides. The Movian VPN Client forwards the Internet traffic to the Easy VPN Server. Direct access to the Cisco 806 Easy VPN Client by traffic other than the encrypted traffic from the Easy VPN Server is denied. An alternative configuration of the Cisco Easy VPN Server called split tunneling forwards the Internet traffic directly without encryption.

Check the configurations given at the URL below for the 7200 configuration:

http://www.cisco.com/en/US/products/ps6635/products_white_paper09186a008018913e.shtml
