Cisco Support Community

Problem with vpn client

I have 4 lines aggregated on a 7200 router (see the attached diagram). I have 128 public IP addresses available.

On interface GigabitEthernet 0/2 I have configured one of the public IP addresses, and I have connected a switch to it.

Connected to the switch I have a 2810 router with another public IP address.

I have to configure a VPN for a remote PC that is connected to the Internet through a modem and does not have a static IP address.

I have tried the configuration that I have written below. If I try to connect to the public IP address of the 2810 router, the configuration works.

With the same configuration, if I connect to the 7200 router it does not allow the connection; if I connect from pc1 (which has one of the 128 available IP addresses), then it works.

How can I connect to the router 7200 directly? What do I have to add to the configuration?

Thanks for the help

Attached is the configuration I used, taken from a Cisco document.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service internal


hostname Cisco

Cisco Systems, Inc.

All contents are Copyright © 1992-2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.



aaa new-model



aaa authentication login userlist local

aaa authorization network hw-client-groupname local

aaa session-id common

enable password cisco


username cisco password 0 xxxxxx

memory-size iomem 15

clock timezone - 0 6

ip subnet-zero

no ip source-route



ip domain-name


ip audit notify log

ip audit po max-events 100


crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration address-pool local dynpool


crypto isakmp client configuration group hw-client-groupname

key hw-client-password

dns 30.30.x.x.30.30.11

wins 30.30.x.x.30.30.13


pool dynpool



crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac


crypto dynamic-map dynmap 1

set transform-set transform-1




crypto map dynmap client authentication list userlist

crypto map dynmap isakmp authorization list hw-client-groupname

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap



interface Ethernet0/0

description connected to INTERNET

ip address 20.x.x.x.255.255.0


no cdp enable

crypto map dynmap


interface FastEthernet0/0

description connected to HQ LAN

ip address 30.30.x.x.255.255.0


speed auto

no cdp enable


ip local pool dynpool 30.x.x.20

ip classless

ip route Ethernet0/0

no ip http server

ip pim bidir-enable



no cdp run


line con 0

line aux 0

line vty 0 4

password xxxxxxxxxx




Re: Problem with vpn client

The Cisco Easy VPN implements the Cisco Unity Client protocol, which simplifies configuring the detailed information on the client router because most VPN parameters are defined at the VPN remote access server. The server can be a dedicated VPN device, such as a VPN 3000 concentrator or a Cisco PIX Firewall, or a Cisco IOS router that supports the Cisco Unity Client protocol. The sample configuration uses the Cisco 1751 for the Easy VPN Server. This sample configuration uses client mode with the Movian VPN Client. In Client mode, the entire Movian VPN client address undergoes NAT to the mode config IP address that the Easy VPN Server provides. The Movian VPN Client forwards the Internet traffic to the Easy VPN Server. Direct access to the Cisco 806 Easy VPN Client by traffic other than the encrypted traffic from the Easy VPN Server is denied. An alternative configuration of the Cisco Easy VPN Server called split tunneling forwards the Internet traffic directly without encryption.

Check the configurations given at the URL below for the 7200 configuration.
