
L2TP over IPsec remote VPN - connected but can't ping/RDP

I have followed this document to set up a Remote Access VPN server on my Cisco 861.

My Cisco router is connected behind my ISP's router and placed in the DMZ zone, so no port forwarding is needed.

My ISP's router has an internal segment of 192.168.0.0/24.

My Cisco router has an external address of 192.168.0.50 and a LAN segment of 192.168.25.0/24 and a VPN pool in the 192.168.26.0/24 range.

After adding this registry key to the client, the Windows client gets connected.

http://support.microsoft.com/kb/926179

But the Windows 8 client cannot ping, RDP or VNC to the LAN segment.

The Windows client gets these routes in its route table:

192.168.26.0 192.168.26.1 192.168.26.6

192.168.26.6 on-link

My router config is posted below.

------------------------------------

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authentication ppp VPDN_AUTH local
aaa authorization network default local if-authenticated
!
!
!
!
!
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2512527972
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2512527972
 revocation-check none
 rsakeypair TP-self-signed-2512527972
!
!
crypto pki certificate chain TP-self-signed-2512527972
 certificate self-signed 01
  quit
!
!
ip dhcp excluded-address 192.168.25.150 192.168.25.254
!
ip dhcp pool LAN
 network 192.168.25.0 255.255.255.0
 default-router 192.168.25.254
 dns-server 192.168.25.254
!
!
!
ip domain name xxxxxxxxxxxxxxx
ip name-server xxxxxxxxxxxxxx
ip name-server xxxxxxxxxxxxxx
ip cef
!
!
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
license udi pid CISCO861-K9 sn FCZ1610C0TR
!
!
username xxxxx privilege 15 password 7 xxxxxxxxxx
username xxxxxx password 7 xxxxxxxxxxxxx
username xxxxxx password 7 xxxxxxxxxxxxx
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ciscovpn address 0.0.0.0
!
!
crypto ipsec transform-set L2TP-Set2 esp-3des esp-sha-hmac
 mode transport
!
!
!
crypto dynamic-map dyn-map 10
 set nat demux
 set transform-set L2TP-Set2
!
!
crypto map outside_map 10 ipsec-isakmp dynamic dyn-map
!
!
!
!
!
interface Loopback1
 description loopback for IPsec-pool
 ip address 192.168.26.1 255.255.255.255
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 ip address 192.168.0.50 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map outside_map
!
interface Virtual-Template1
 ip unnumbered Loopback1
 peer default ip address pool l2tp-pool
 ppp authentication ms-chap-v2 VPDN_AUTH
!
interface Vlan1
 ip address 192.168.25.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip local pool l2tp-pool 192.168.26.2 192.168.26.20
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list NAT interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip access-list extended NAT
 deny   ip 192.168.25.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.25.0 0.0.0.255 any
!
no cdp run
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input all
 transport output all
!
end
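Added example, not part of the original post: a longest-prefix-match check of the client route table quoted above against the router's LAN segment (192.168.25.0/24), showing whether traffic for that segment would be sent into the tunnel at all. The netmasks, the client's local default route (10.0.0.x) and the extra route in `WITH_LAN_ROUTE` are assumptions constructed for illustration; only the 192.168.25.x and 192.168.26.x addresses come from the post.

```python
import ipaddress

# From the post: LAN segment behind the router and the client's VPN address.
LAN_SEGMENT = ipaddress.ip_network("192.168.25.0/24")
TUNNEL_IF = "192.168.26.6"

# (destination, gateway, interface). Masks are assumed; the post shows none.
CLIENT_ROUTES = [
    ("0.0.0.0/0", "10.0.0.1", "10.0.0.23"),               # constructed local default route
    ("192.168.26.0/24", "192.168.26.1", "192.168.26.6"),  # from the post, /24 assumed
    ("192.168.26.6/32", "on-link", "192.168.26.6"),       # from the post, /32 assumed
]

# Constructed what-if: the same table plus a route for the LAN via the tunnel.
WITH_LAN_ROUTE = CLIENT_ROUTES + [
    ("192.168.25.0/24", "192.168.26.1", "192.168.26.6"),
]


def parse_routes(rows):
    """Turn (cidr, gateway, interface) strings into comparable tuples."""
    return [(ipaddress.ip_network(dst), gw, ifc) for dst, gw, ifc in rows]


def best_route(routes, dest):
    """Longest-prefix match, the rule the IP stack uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def leaves_via_tunnel(routes, dest, tunnel_if=TUNNEL_IF):
    """True if the selected route for dest uses the VPN interface."""
    route = best_route(routes, dest)
    return route is not None and route[2] == tunnel_if


def segment_via_tunnel(routes, segment=LAN_SEGMENT, tunnel_if=TUNNEL_IF):
    """True only if every host address in the segment is routed into the tunnel."""
    return all(leaves_via_tunnel(routes, str(h), tunnel_if) for h in segment.hosts())


if __name__ == "__main__":
    for name, rows in (("as posted", CLIENT_ROUTES), ("with LAN route", WITH_LAN_ROUTE)):
        routes = parse_routes(rows)
        print(name, "->", best_route(routes, "192.168.25.10"),
              "| LAN via tunnel:", segment_via_tunnel(routes))
```

With the table as posted, the only match for a 192.168.25.x address is the client's own default route, so that traffic never enters the L2TP session regardless of the router-side NAT exemption.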
