Connecting from a remote computer to a remote office using VPN X 2
I have the following problem:
We have two offices that are connected with VPN. Office 2 has a server that users in office 1 use. Office 1 has remote users that connect using a VPN client.
Users in Office 1 working under NAT communicate with the server in office 2 without a problem.
The issue is that remote users of office 1 cannot connect directly to the server in office 2. I.e., if a remote user wants to communicate with server 172.16.12.123
I add a drawing where router 1 is found in office 1 and router 2 is found in office 2 as well as the router (1721) configuration.
Any help would be appreciated.
!
!
version 12.3
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Router
!
clock timezone est -5
clock summer-time zone recurring
aaa new-model
!
!
aaa authentication login userauthen group radius
aaa authorization network groupauthor local
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 1******R address 22.214.171.124 no-xauth
!
crypto isakmp client configuration group ******
 key *****
 dns 192.168.82.2
 wins 192.168.82.2
 domain *****.com
 pool ippool
 acl 108
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ipsec-isakmp
 set peer 126.96.36.199
 set transform-set myset
 match address 110
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback1
 ip address 188.8.131.52 255.255.255.0
!
interface Ethernet0
 ip address 184.108.40.206 255.255.255.248
 ip access-group filterinE0 in
 ip access-group filteroutE0 out
 ip nat outside
 full-duplex
 no cdp enable
 crypto map clientmap
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 192.168.82.5 255.255.255.0
 ip nat inside
 ip policy route-map nonat
 speed auto
 full-duplex
!
interface Serial0
 no ip address
 shutdown
!
router rip
 version 2
 network 192.168.82.0
 no auto-summary
!
ip local pool ippool 172.16.8.1 172.16.8.250
ip nat pool Router-natpool-1 220.127.116.11 18.104.22.168 netmask 255.255.255.248
ip nat inside source list 150 pool Router-natpool-1 overload
ip nat inside source static 192.168.82.5 22.214.171.124
ip classless
ip route 0.0.0.0 0.0.0.0 126.96.36.199
no ip http server
no ip http secure-server
!
!
!
ip access-list extended filterinE0
 permit udp any eq isakmp any eq isakmp
 permit udp any any eq isakmp
 permit esp any any
 permit udp any any eq non500-isakmp
 permit udp any any eq 1701
 permit ip 172.16.12.0 0.0.0.255 any
 permit ip 172.16.8.0 0.0.0.255 any
 evaluate infilterE0
 deny ip any any
ip access-list extended filteroutE0
 permit ip host 188.8.131.52 any reflect infilterE0
 permit ip host 184.108.40.206 any reflect infilterE0
 permit ip any 172.16.8.0 0.0.0.255 reflect infilterE0
 permit ip any 172.16.12.0 0.0.0.255
access-list 100 permit udp any eq rip any eq rip
access-list 100 permit tcp any any eq www
access-list 101 deny ip any any
access-list 103 permit ip 192.168.82.0 0.0.0.255 172.16.8.0 0.0.0.255
access-list 108 permit ip 192.168.82.0 0.0.0.255 172.16.8.0 0.0.0.255
access-list 110 permit ip 192.168.82.0 0.0.0.255 172.16.12.0 0.0.0.255
access-list 150 deny ip 192.168.82.0 0.0.0.255 172.16.12.0 0.0.0.255
access-list 150 permit ip 192.168.82.0 0.0.0.255 any
!
route-map nonat permit 11
 match ip address 103
 set ip next-hop 220.127.116.11
!
snmp-server community public RO
snmp-server enable traps tty
radius-server host 192.168.82.2 auth-port 1645 acct-port 1646 key 7 *****
radius-server authorization permit missing Service-Type
!
line con 0
 exec-timeout 0 0
 password 7 ****
line aux 0
line vty 0 4
 password 7 ****
!
no scheduler allocate
ntp clock-period 17180216
ntp server 18.104.22.168
ntp server 22.214.171.124
!
end
Re: Connecting from a remote computer to a remote office using V
Let's see if I understand....
If you have a L2L tunnel between both offices, then you are not going to be able to connect from the remote office using the VPN client (if using the same public IP as the L2L connection).
This is because the main office will already have a VPN tunnel established with the public IP of the remote site, and will not permit another VPN connection coming from the same IP. (If the VPN clients connect using another IP, then it will work).
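An added example, not part of the original posts: a Python check that evaluates ACLs 108, 110 and 150 from the posted configuration against the two flows in the question, using IOS wildcard-mask matching. The host addresses 192.168.82.20 and 172.16.8.10 are constructed samples, and the function names are hypothetical; the ACL roles are read from the config (110 is matched by crypto map entry 1, 108 is the client group's `acl`, 150 is the NAT source list).

```python
import ipaddress

# ACL entries copied from the posted configuration:
# (acl, action, source, source wildcard, destination, destination wildcard)
ACLS = [
    ("108", "permit", "192.168.82.0", "0.0.0.255", "172.16.8.0", "0.0.0.255"),
    ("110", "permit", "192.168.82.0", "0.0.0.255", "172.16.12.0", "0.0.0.255"),
    ("150", "deny", "192.168.82.0", "0.0.0.255", "172.16.12.0", "0.0.0.255"),
    ("150", "permit", "192.168.82.0", "0.0.0.255", "any", None),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_verdict(acl, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for name, action, s, sw, d, dw in ACLS:
        if name == acl and wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "implicit deny"

SERVER = "172.16.12.123"     # server named in the question
LAN_HOST = "192.168.82.20"   # constructed sample host on the office 1 LAN
VPN_CLIENT = "172.16.8.10"   # constructed sample address from ippool

def router_view(src):
    """How the router's crypto ACL and NAT ACL treat src -> SERVER."""
    return {"crypto_acl_110": acl_verdict("110", src, SERVER),
            "nat_acl_150": acl_verdict("150", src, SERVER)}

def client_tunnels(dst, client=VPN_CLIENT):
    """Split-tunnel ACL 108 is written router-side: its source is the network sent to the client."""
    return acl_verdict("108", dst, client) == "permit"

if __name__ == "__main__":
    for label, host in (("office 1 LAN", LAN_HOST), ("VPN client", VPN_CLIENT)):
        print(label, host, "->", SERVER, router_view(host))
    for dst in ("192.168.82.2", SERVER):
        print("VPN client tunnels traffic to", dst, ":", client_tunnels(dst))
```

With the posted entries, the office 1 LAN flow is permitted by ACL 110 and exempted from NAT by ACL 150, while the VPN-client flow falls to the implicit deny in ACL 110 and the server's subnet is not in ACL 108.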