11-02-2013 06:22 AM - edited 03-04-2019 09:29 PM
I have followed this document to set up a Remote Access VPN server on my Cisco 861.
My Cisco router is connected behind my ISP's router and placed in the DMZ zone, so no port forwarding is needed.
My ISP's router has an internal segment of 192.168.0.0/24.
My Cisco router has an external address of 192.168.0.50, a LAN segment of 192.168.25.0/24 and a VPN pool in the 192.168.26.0/24 range.
After adding this registry key to the client, the Windows client gets connected:
http://support.microsoft.com/kb/926179
But the Windows 8 client cannot ping, RDP or VNC to the LAN segment.
The Windows client gets these routes in its route table:
192.168.26.0 192.168.26.1 192.168.26.6
192.168.26.6 on-link
My router config is posted below.
------------------------------------
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authentication ppp VPDN_AUTH local
aaa authorization network default local if-authenticated
!
!
!
!
!
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2512527972
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2512527972
revocation-check none
rsakeypair TP-self-signed-2512527972
!
!
crypto pki certificate chain TP-self-signed-2512527972
certificate self-signed 01
quit
!
!
ip dhcp excluded-address 192.168.25.150 192.168.25.254
!
ip dhcp pool LAN
network 192.168.25.0 255.255.255.0
default-router 192.168.25.254
dns-server 192.168.25.254
!
!
!
ip domain name xxxxxxxxxxxxxxx
ip name-server xxxxxxxxxxxxxx
ip name-server xxxxxxxxxxxxxx
ip cef
!
!
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
license udi pid CISCO861-K9 sn FCZ1610C0TR
!
!
username xxxxx privilege 15 password 7 xxxxxxxxxx
username xxxxxx password 7 xxxxxxxxxxxxx
username xxxxxx password 7 xxxxxxxxxxxxx
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ciscovpn address 0.0.0.0
!
!
crypto ipsec transform-set L2TP-Set2 esp-3des esp-sha-hmac
mode transport
!
!
!
crypto dynamic-map dyn-map 10
set nat demux
set transform-set L2TP-Set2
!
!
crypto map outside_map 10 ipsec-isakmp dynamic dyn-map
!
!
!
!
!
interface Loopback1
description loopback for IPsec-pool
ip address 192.168.26.1 255.255.255.255
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 192.168.0.50 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map outside_map
!
interface Virtual-Template1
ip unnumbered Loopback1
peer default ip address pool l2tp-pool
ppp authentication ms-chap-v2 VPDN_AUTH
!
interface Vlan1
ip address 192.168.25.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip local pool l2tp-pool 192.168.26.2 192.168.26.20
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list NAT interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip access-list extended NAT
deny ip 192.168.25.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 any
!
no cdp run
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input all
transport output all
!
end
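Added example, not part of the original post or of any Cisco tooling: a small Python check that scans an IOS configuration for the weak cryptographic and management settings visible in the config above. The rule names and the suggested replacements are this example's own assumptions, and the sample input is constructed from lines of the posted config.

```python
import re

# Constructed sample: lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ciscovpn address 0.0.0.0
crypto ipsec transform-set L2TP-Set2 esp-3des esp-sha-hmac
username xxxxx privilege 15 password 7 xxxxxxxxxx
ip http server
ip http secure-server
line vty 0 4
privilege level 15
transport input all
"""

# (rule id, pattern, risk, suggested change). Rule ids are hypothetical names.
RULES = [
    ("ike-3des", r"^encr 3des$",
     "IKE policy uses 3DES", "encr aes 256"),
    ("ike-dh-group", r"^group (1|2|5)$",
     "IKE Diffie-Hellman group is 1536 bits or smaller", "group 14 or higher"),
    ("psk-wildcard", r"^crypto isakmp key \S+ address 0\.0\.0\.0",
     "one pre-shared key is accepted from any peer", "certificates or a long random key"),
    ("esp-3des", r"^crypto ipsec transform-set \S+ .*\besp-3des\b",
     "ESP transform uses 3DES", "esp-aes 256"),
    ("type7-password", r"^username \S+ .*\bpassword 7 ",
     "type 7 passwords are reversible", "username <name> secret <password>"),
    ("http-plain", r"^ip http server$",
     "management over plaintext HTTP", "no ip http server"),
    ("vty-all", r"^transport input all$",
     "vty lines accept telnet", "transport input ssh"),
]

def audit(config_text):
    """Return (line_number, rule_id, line) for every config line matching a rule."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()  # pasted configs often lose their indentation
        for rule_id, pattern, _risk, _fix in RULES:
            if re.search(pattern, line):
                findings.append((number, rule_id, line))
    return findings

if __name__ == "__main__":
    details = {rule_id: (risk, fix) for rule_id, _p, risk, fix in RULES}
    for number, rule_id, line in audit(SAMPLE_CONFIG):
        risk, fix = details[rule_id]
        print(f"line {number}: {line!r}: {risk}; consider: {fix}")
```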