I have a Cisco 881 router that I am using to connect our main office to an AWS VPC. I was able to configure it and it works just fine. I also configured an EASY VPN server for outside users and I can authenticate as well (using the Mac native VPN connection). However, my problem is that the VPN clients are not automatically being assigned our internal DNS server(s). When I do an nslookup, it is using its router DNS config, not the one assigned by the VPN tunnel.
I am not by any means an expert on Cisco devices, so I had to configure this via CCP.
I was hoping that there is someone out there who can tell me what I need to do via the GUI.
Here is the current config:
Current configuration : 11423 bytes
! Last configuration change at 13:11:23 PCTime Fri Jul 27 2012 by zephyr1
! NVRAM config last updated at 13:25:30 PCTime Fri Jul 27 2012 by zephyr1
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_3 local
aaa authentication login ciscocp_vpn_xauth_ml_4 local
aaa authentication login ciscocp_vpn_xauth_ml_5 local
aaa authentication login ciscocp_vpn_xauth_ml_6 local
aaa authentication login ciscocp_vpn_xauth_ml_7 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa authorization network ciscocp_vpn_group_ml_3 local
aaa authorization network ciscocp_vpn_group_ml_4 local
aaa session-id common
memory-size iomem 10
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
After banging my head on my keyboard, here is what I found. I am pretty sure it's a client issue with OS X Lion.
crypto isakmp client configuration group users
I know that is right, you know that's right... I could ping the server (connection is fine) and do an nslookup against that server, i.e. nslookup blah 10.1.0.5. So based on that, I know communication is working.
To test, I stood up a webserver on the other side of the VPN tunnel, typed in the DNS hostname in my browser, and it worked. Head scratcher. Haven't tested a Windows client, as I don't have a Windows box handy.
So, is there a way to get this to work properly? Using nslookup, dig, etc., would be mighty handy for troubleshooting!
I noticed this morning that I can only have one concurrent VPN client connection to my router at once. Should I start another thread?