
Issue Remote Access to an Existing L2L

Hello

I added Remote Access to an existing L2L VPN and found that I cannot access resources after connecting to the IOS VPN server.

I am using Cisco VPN Client version 5.0. I tested pinging the host on the inside network and RDP; both didn't work.

Host which I am pinging or connecting to by Remote Desktop: 172.20.20.11

```
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
aaa session-id common
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
username cisco password 0 cisco
archive
 log config
  hidekeys
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 85.12.x.x
!
crypto isakmp client configuration group VPN_SAS
 key cisco123
 dns 172.20.20.11 172.20.20.41
 domain az.com
 pool ippool
crypto isakmp profile vpnclient
   match identity group VPN_SAS
   client authentication list userauthen
   isakmp authorization list groupauthor
   client configuration address respond
!
!
crypto ipsec transform-set VPN esp-3des esp-md5-hmac
crypto ipsec transform-set remote-set esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set remote-set
 set isakmp-profile vpnclient
!
!
crypto map VPN8 10 ipsec-isakmp
 set peer 85.12.x.x
 set transform-set VPN
 match address VPN
crypto map VPN8 65535 ipsec-isakmp dynamic dynmap
!
!
!
controller E1 0/0/0
!
!
!
interface FastEthernet0/0
 description Link_To_ISP
 ip address 40.x.x.x 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed 100
 crypto map VPN8
!
interface FastEthernet0/1/0
 description connected to LAN
 duplex full
 speed 100
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Vlan1
 description connected to LAN
 ip address 172.20.1.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
ip local pool ippool 172.25.233.10 172.25.233.70
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 40.x.x.x
ip route 172.20.20.0 255.255.255.0 172.20.1.2
ip route 172.20.233.0 255.255.255.0 172.20.1.2
ip route 172.20.234.0 255.255.255.0 172.20.1.2
ip http server
no ip http secure-server
!
!
ip nat inside source route-map nonat interface FastEthernet0/0 overload
!
ip access-list extended NAT_Exempt
 deny   ip 172.20.20.0 0.0.3.255 172.25.233.0 0.0.0.255
ip access-list extended VPN
 permit ip 172.20.20.0 0.0.3.255 192.168.1.0 0.0.0.255
 permit ip 172.20.20.0 0.0.3.255 192.168.2.0 0.0.0.255
route-map nonat permit 10
 match ip address NAT_Exempt
!
```

Appreciate some support

cheers

Anthony

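The NAT_Exempt and VPN access lists in the posted configuration rely on wildcard masks and first-match evaluation. The following added example (not part of the original post and not Cisco code) evaluates those two ACLs for a given flow, so the path between the tested host 172.20.20.11 and the client pool can be checked entry by entry. The function names and the sample Internet destination 203.0.113.5 are assumptions made for the example.

```python
import ipaddress

# ACL entries copied from the posted configuration:
# (action, source, source wildcard, destination, destination wildcard)
ACLS = {
    "NAT_Exempt": [("deny", "172.20.20.0", "0.0.3.255", "172.25.233.0", "0.0.0.255")],
    "VPN": [
        ("permit", "172.20.20.0", "0.0.3.255", "192.168.1.0", "0.0.0.255"),
        ("permit", "172.20.20.0", "0.0.3.255", "192.168.2.0", "0.0.0.255"),
    ],
}

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit the wildcard does not ignore."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def wildcard_range(base, wildcard):
    """First and last address covered (valid for contiguous wildcards such as these)."""
    b, w = _to_int(base), _to_int(wildcard)
    first = ipaddress.IPv4Address(b & ~w & 0xFFFFFFFF)
    return str(first), str(ipaddress.IPv4Address(b | w))

def acl_action(name, src, dst):
    """First-match evaluation; an extended ACL ends with an implicit deny."""
    for action, s, sw, d, dw in ACLS[name]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "implicit deny"

def is_translated(src, dst):
    """route-map nonat has one permit clause that matches NAT_Exempt,
    so a flow is selected for NAT only when that ACL permits it."""
    return acl_action("NAT_Exempt", src, dst) == "permit"

if __name__ == "__main__":
    host, pool_addr = "172.20.20.11", "172.25.233.10"  # tested host, first pool address
    print("source range:", wildcard_range("172.20.20.0", "0.0.3.255"))
    print("host -> VPN client, NAT_Exempt:", acl_action("NAT_Exempt", host, pool_addr))
    print("host -> VPN client, translated:", is_translated(host, pool_addr))
    # NAT_Exempt holds only a deny entry, so no flow is ever permitted into NAT
    print("host -> 203.0.113.5, translated:", is_translated(host, "203.0.113.5"))
    print("host -> VPN client, crypto ACL VPN:", acl_action("VPN", host, pool_addr))
```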