Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LAN disabled on vpn dialer


Although I have enabled allow local lan access in VPN dialer it is automatically disabled when VPN gets connected, what's the problem ?  I used the above codes for the easy vpn server side. It gets connected but all of my traffic doesn't pass through this VPN, why ?

Should not all the traffic pass from the same easy vpn server, do I have to do anything else so that all of my traffic goes through this vpn connection.

With regards,

- Mero

Router#show runBuilding configuration...

Current configuration : 2069 bytes
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router

no logging buffered
enable password cisco
!---AAA enabled using aaa newmodel command. Also 
AAA Authentication and Authorization are enabled---!aaa new-model!
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_1 local!
aaa session-id common
ip cef
ip domain name
multilink bundle-name authenticated
!--- Configuration for IKE policies.
!--- Enables the IKE policy configuration (config-isakmp) 
!--- command mode, where you can specify the parameters that 
!--- are used during an IKE negotiation. Encryption and Policy details are hidden
as the default values are chosen.crypto isakmp policy 1
 encr 3des
 authentication pre-share group 2
crypto isakmp keepalive 10
crypto isakmp client configuration group cisco
 key cisco123
 pool SDM_POOL_1
crypto isakmp profile ciscocp-ike-profile-1
   match identity group cisco
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!--- Configuration for IPsec policies.
!--- Enables the crypto transform configuration mode, 
!--- where you can specify the transform sets that are used 
!--- during an IPsec negotiation.crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac!
crypto ipsec profile CiscoCP_Profile1
 set security-association idle-time 86400
 set transform-set ESP-3DES-SHA
 set isakmp-profile ciscocp-ike-profile-1
!--- RSA certificate generated after you enable the 
!--- ip http secure-server command.crypto pki trustpoint TP-self-signed-1742995674
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1742995674
 revocation-check none
 rsakeypair TP-self-signed-1742995674

!--- Create a user account named cisco123 with all privileges.username cisco123 privilege 15 password 0 cisco123archive
 log config
!--- Interface configurations are done as shown below---!interface Loopback0
 ip address
interface FastEthernet0/0
 ip address
 duplex auto
 speed auto
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!--- VPN pool named SDM_POOL_1 has been defined in the below command---!ip local pool SDM_POOL_1
!--- This is where the commands to enable HTTP and HTTPS are configured.ip http server
ip http authentication local
ip http secure-server
line con 0
line aux 0
!--- Telnet enabled with password as cisco.line vty 0 4
 password cisco
 transport input all
scheduler allocate 20000 1000
CreatePlease to create content