Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

remote access VPN cant ping but not remote desktop

I have setup remote access IP sec VPN in my 881.

Here is the config:

Building configuration...

Current configuration : 3402 bytes
!
! Last configuration change at 08:38:46 UTC Tue May 27 2014 by akshay
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TheSagarRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 8sb95.4HVhofmKquQwxZLr468VgrsA5qWpNigAEDtf2
!
aaa new-model
!
!
aaa authentication login VPN_CLIENT_LOGIN local
aaa authorization network VPN_CLIENT_GROUP local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
!
!
!
!
ip dhcp excluded-address 192.168.10.1
!
ip dhcp pool VLAN_10_ARCHITECTURE
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8
!
!
!
ip domain name thesagar.in
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FGL171220ER
!
!
username akshay privilege 15 secret 4 cI9fbmTlloLTKDmg0s6Pctre4U2C74KpINniT7DII2M
!
!
!
!
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
!
crypto isakmp client configuration group VPN_CLIENTS
 key ClientVpnKey
 dns 8.8.8.8
 domain thesagar.in
 pool VPN_CLIENT_POOL
 acl 110
!
!
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec df-bit clear
!
!
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
 set transform-set TRANS_3DES_SHA
!
!
crypto map EXT_MAP client authentication list VPN_CLIENT_LOGIN
crypto map EXT_MAP isakmp authorization list VPN_CLIENT_GROUP
crypto map EXT_MAP client configuration address respond
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 10
 switchport mode trunk
 no ip address
!
interface FastEthernet1
 switchport access vlan 10
 switchport mode trunk
 no ip address
!
interface FastEthernet2
 switchport access vlan 10
 switchport mode trunk
 no ip address
!
interface FastEthernet3
 switchport access vlan 10
 switchport mode trunk
 no ip address
!
interface FastEthernet4
 ip address 182.74.72.98 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map EXT_MAP
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list NATTABLE_HOSTS interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 182.74.72.97
!
ip access-list extended NATTABLE_HOSTS
 deny   ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip any any
!
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
!
!
!
banner motd ^C
**********************************************
This is a secured router. Logging in to it is not allowed.
**********************************************
^C
!
line con 0
 exec-timeout 5 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 transport input telnet ssh
!
!
end

 

 

I have one machine at 192.168.10.8, which I can ping to but cant do remote desktop. Any help would be appreciated.

109
Views
0
Helpful
0
Replies
CreatePlease to create content