RDP over Easy VPN Server fails, ping works

Dear experts,

What can I do to troubleshoot this problem?

This is our router configuration with the Easy VPN Server enabled:

version 15.1

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

no service dhcp

!

hostname ####

!

boot-start-marker

boot-end-marker

!

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200

logging console critical

enable secret ###########################

!

aaa new-model

!

!

aaa authentication login local_authen local

aaa authentication login ciscocp_vpn_xauth_ml_1 local

aaa authorization exec local_author local

aaa authorization network ciscocp_vpn_group_ml_1 local

!

!

!

!

!

aaa session-id common

!

!

no ipv6 cef

no ip source-route

ip cef

!

!

!

ip dhcp excluded-address 192.168.1.1 192.168.1.29

ip dhcp excluded-address 192.168.1.59

ip dhcp excluded-address 192.168.1.99

ip dhcp excluded-address 192.168.1.182

ip dhcp excluded-address 192.168.1.192

ip dhcp excluded-address 192.168.1.193

ip dhcp excluded-address 192.168.1.198

ip dhcp excluded-address 192.168.1.238

ip dhcp excluded-address 192.168.1.240

ip dhcp excluded-address 192.168.1.243

ip dhcp excluded-address 192.168.1.245

ip dhcp excluded-address 192.168.1.215

ip dhcp excluded-address 192.168.1.122

ip dhcp excluded-address 192.168.1.33

ip dhcp excluded-address 192.168.1.10

ip dhcp excluded-address 192.168.1.11

ip dhcp excluded-address 192.168.1.201

!

!

no ip bootp server

ip dhcp-server ##########

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-############

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-############

revocation-check none

!

!

crypto pki certificate chain TP-self-signed-############

certificate self-signed 01

        quit

license udi pid CISCO1941/K9 sn ##########

license boot module c1900 technology-package securityk9

license boot module c1900 technology-package datak9

!

!

username #### privilege 15 secret ####################.

username #### secret ####################

username #### secret ####################

username #### secret ####################

!

redundancy

!

!

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

!

crypto ctcp port 10000

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group ###########

key ##########

dns 192.168.1.4 192.168.1.6

domain ####.local

pool SDM_POOL_1

acl 102

include-local-lan

crypto isakmp profile ciscocp-ike-profile-1

   match identity group ##############

   client authentication list ciscocp_vpn_xauth_ml_1

   isakmp authorization list ciscocp_vpn_group_ml_1

   client configuration address respond

   virtual-template 1

!

!

crypto ipsec transform-set ########### esp-aes 256 esp-sha-hmac

!

crypto ipsec profile CiscoCP_Profile1

set transform-set ###########

set isakmp-profile ciscocp-ike-profile-1

!

!

!

!

!

!

interface Null0

no ip unreachables

!

interface GigabitEthernet0/0

description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$ETH-LAN$$FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

description $FW_OUTSIDE$

ip address dhcp

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip nat enable

ip virtual-reassembly in

duplex auto

speed auto

no mop enabled

!

interface Virtual-Template1 type tunnel

ip unnumbered GigabitEthernet0/0

tunnel mode ipsec ipv4

tunnel protection ipsec profile CiscoCP_Profile1

!

ip local pool SDM_POOL_1 192.168.2.1 192.168.2.10

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 23 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 ###########

!

logging esm config

logging trap debugging

access-list 23 permit 192.168.1.0 0.0.0.255

access-list 23 permit 192.168.2.0 0.0.0.255

access-list 101 deny   ip any host 184.82.162.163

access-list 101 deny   ip any host 184.22.103.202

access-list 101 deny   ip any host 76.191.104.39

access-list 101 permit ip any any

access-list 102 permit tcp any any eq 3389

access-list 102 permit ip any any

access-list 102 permit icmp any any

access-list 700 permit 000d.6066.0d02   0000.0000.0000

!

no cdp run

!

!

!

!

snmp-server group ICT v3 priv

!

!

control-plane

!

banner exec ^C

Welcome ####^C

banner login ^C

##################################

Unauthorized access prohibited

##################################^C

!

line con 0

login authentication local_authen

transport output telnet

line aux 0

login authentication local_authen

transport output telnet

line vty 0 4

access-class 23 in

password 7 ##################

authorization exec local_author

login authentication local_authen

transport input telnet ssh

line vty 5 15

access-class 23 in

authorization exec local_author

login authentication local_authen

transport input telnet ssh

!

scheduler allocate 20000 1000

end
