After connecting over a remote access VPN on a 2811 I can ping the inside server but cannot map drives!
Do you guys shed some light as to why not as its this not helping at all without mapping network drives.
aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local ! aaa session-id common ! crypto isakmp policy 3 encr 3des hash md5 authentication pre-share
group 2 ! crypto isakmp client configuration group xxx key xxx dns 172.19.2.2 wins 172.19.2.2 domain xxx.com pool ippool include-local-lan netmask 255.255.255.0 ! ! crypto dynamic-map dynmap 10 set transform-set myset reverse-route ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap !
ip local pool ippool 172.19.10.1 172.19.10.50
interface Dialer1 ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 ppp chap hostname ppp chap password 7 ppp pap sent-username crypto map clientmap crypto ipsec client ezvpn EASYVPN
I have resolved the issue, It was the returning traffic was being NAT'ed. When i PING any inside host I used to get reply from the outside interface/public IP and when I look at the "ip nat trans" table it was being NAT'ed. Amending the NAT access-list did not help on the router. Its such a blessing on the ASA with "NAT(0)" in this regard.
I created a loopback interface and a route-map. Route map routes the selective VPN traffic from inside to loopback and then normal routing from loopback to outside hence overcoming the NAT thing. This works for me.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :