VPN connects correctly but I cannot access internal addresses

Hi all,

I have a very big problem with my Cisco 877 router.

I configured a 20 Mb ADSL access via a point-to-point connection. When I try to connect my PC from a remote site, my VPN client connects to the router correctly, but I can't access the internal network.

My router configuration follows:

!
! Last configuration change at 19:29:57 CET Thu Jan 23 2014 by innofondi
! NVRAM config last updated at 19:15:35 CET Thu Jan 23 2014 by innofondi
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AgeSoffiano
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$K4v3$hVwC0KjjjjSQcEa.IZHUl1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login fondiaria local
aaa authorization exec default local
aaa authorization network fondiaria local
!
!
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint innocenti
 enrollment selfsigned
 subject-name CN=cn=IOS-Self-Signed-Certificate-1286547895
 revocation-check none
 rsakeypair innocenti
!
!
crypto pki certificate chain innocenti
 certificate self-signed 01
        quit
dot11 syslog
ip source-route
!
!
ip cef
ip domain name alicebusiness.it
ip name-server 151.99.125.1
ip name-server 151.99.125.2
!
!
!
!
username innofondi privilege 15 password 7 06370B255F1D5F4B2D0E
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpn
 key xxxxxxxx
 dns 10.51.121.193 10.51.121.245
 pool fondiariapool
 acl 101
 max-logins 1
 netmask 255.255.255.192
!
!
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
!
crypto dynamic-map fondiariamap 1
 set transform-set esp-3des-sha
 reverse-route
!
!
crypto map cfondiariamap local-address Loopback2
crypto map cfondiariamap client authentication list fondiaria
crypto map cfondiariamap isakmp authorization list fondiaria
crypto map cfondiariamap client configuration address respond
crypto map cfondiariamap 65535 ipsec-isakmp dynamic fondiariamap
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback0
 ip address 195.120.214.241 255.255.255.255
!
interface Loopback1
 ip address 195.120.214.242 255.255.255.255
!
interface Loopback2
 ip address 195.120.214.243 255.255.255.255
!
interface Tunnel0
 ip unnumbered Loopback0
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 95.242.189.204
 tunnel mode ipip
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 ip address 194.243.173.178 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 pvc 8/35
  encapsulation aal5snap
 !
 crypto map cfondiariamap
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.51.121.196 255.255.255.192
 ip nat inside
 ip virtual-reassembly
!
ip local pool fondiariapool 10.51.121.253
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 10.30.0.0 255.255.0.0 10.51.121.194
ip route 10.50.0.0 255.255.0.0 10.51.121.194
ip route 10.55.121.192 255.255.255.240 Tunnel0
ip route 10.60.0.0 255.255.0.0 10.51.121.194
ip route 10.128.0.0 255.128.0.0 10.51.121.194
ip http server
ip http secure-server
!
ip nat pool pubblico 195.120.214.242 195.120.214.242 netmask 255.255.255.240
ip nat inside source static tcp 10.51.121.200 10099 interface Loopback0 10099
ip nat inside source static tcp 10.51.121.200 3478 interface Loopback0 3478
ip nat inside source static udp 10.51.121.200 3478 interface Loopback0 3478
ip nat inside source static udp 10.51.121.200 8003 interface Loopback0 8003
ip nat inside source static udp 10.51.121.200 8002 interface Loopback0 8002
ip nat inside source static udp 10.51.121.200 8001 interface Loopback0 8001
ip nat inside source static udp 10.51.121.200 8000 interface Loopback0 8000
ip nat inside source static tcp 10.51.121.200 443 interface Loopback0 443
ip nat inside source list 1 pool pubblico overload
ip nat inside source static udp 10.51.121.200 5060 interface Loopback0 5060
ip nat inside source static tcp 10.51.121.200 5060 interface Loopback0 5060
ip nat inside source list 111 interface Loopback2 overload
!
access-list 1 remark access-list NAT
access-list 1 permit 10.51.121.192 0.0.0.63
access-list 101 permit ip 10.51.121.192 0.0.0.63 host 10.51.121.253
access-list 111 remark access-list VPN
access-list 111 deny   ip 10.51.121.192 0.0.0.63 host 10.51.121.253
access-list 111 permit ip 10.51.121.192 0.0.0.63 any
no cdp run
!
!
!
!
control-plane
!
!
line con 0
 password 7 112035244640580F0B24382B2436
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 132C3B335A5E573E2E28263621
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp server 193.204.114.232
end

Can anyone help me?

Thanks in advance.

Very Best Regards.
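
A check a reviewer can run against a configuration like the one posted above (an added example, not part of the original post): on inside-to-outside traffic IOS applies inside-source NAT before the crypto map, so any `ip nat inside source list` rule whose ACL permits replies to the VPN pool address rewrites them before they can be matched for encryption. The Python below evaluates the posted NAT and ACL lines for one flow; the function names are chosen for this example, and it handles only `list`-based rules and `ip` extended entries.

```python
import ipaddress

# Constructed input: the dynamic NAT and ACL lines from the posted configuration.
CONFIG = """\
ip nat inside source list 1 pool pubblico overload
ip nat inside source list 111 interface Loopback2 overload
access-list 1 permit 10.51.121.192 0.0.0.63
access-list 111 deny   ip 10.51.121.192 0.0.0.63 host 10.51.121.253
access-list 111 permit ip 10.51.121.192 0.0.0.63 any
"""
ANY = (0, 0xFFFFFFFF)  # (base, wildcard) pair that matches every address

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def take_spec(tokens):
    """Pop one IOS address spec (any | host A | A wildcard) as (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0)) if tokens else 0

def parse_acls(config):
    """Return {acl_number: [(action, src_spec, dst_spec), ...]} in config order."""
    acls = {}
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["access-list"] and tok[2] in ("permit", "deny"):
            rest = tok[4:] if tok[3] == "ip" else tok[3:]
            src = take_spec(rest)
            # Standard ACLs match on source only, so the destination is "any".
            dst = take_spec(rest) if tok[3] == "ip" else ANY
            acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def matches(addr, spec):
    return (_ip(addr) | spec[1]) == (spec[0] | spec[1])

def nat_rules_hit(config, src, dst):
    """ACL numbers of dynamic inside-source NAT rules that would translate src -> dst."""
    acls, hits = parse_acls(config), []
    for tok in (line.split() for line in config.splitlines()):
        if tok[:5] == ["ip", "nat", "inside", "source", "list"]:
            # First matching entry decides; no match means the implicit deny.
            verdict = next((a for a, s, d in acls.get(tok[5], [])
                            if matches(src, s) and matches(dst, d)), "deny")
            if verdict == "permit":
                hits.append(tok[5])
    return hits
```

Calling `nat_rules_hit(CONFIG, "10.51.121.200", "10.51.121.253")` lists the rules that would translate a reply from the inside host to the pool address. ACL 111 carries a deny for that destination, while standard ACL 1 matches on source only and so cannot express such an exemption.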
