VPN problem

Hi everybody...

I'm trying to set up a VPN server using a 3662. I would like to be able to connect to the VPN server using the Cisco VPN client. I would also like the router to do NAT for the local LAN. Currently I can only do one at a time. If I disable the inside NAT translation (no ip nat inside source list NAT interface FastEthernet0/0 overload), my VPN client can talk to the LAN but my LAN PC can't get to the Internet. If I enable NAT, my LAN PCs can get to the Internet but the VPN client cannot get to the LAN. Here is my config....

Current configuration : 2440 bytes
!
! Last configuration change at 23:01:55 AKST Tue Jan 16 2007
! NVRAM config last updated at 23:09:33 AKST Tue Jan 16 2007 by ljones
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3662-1
!
boot-start-marker
boot-end-marker
!
logging buffered 10000 debugging
enable secret 5 xxxx
!
aaa new-model
!
!
aaa authentication login clientauth local
aaa authorization network groupauth local
!
aaa session-id common
!
resource policy
!
clock timezone AKST -9
clock summer-time AKST recurring
ip subnet-zero
!
!
ip cef
!
!
!
!
!
username me privilege 15 password 0 cisco
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPNgroup
 key cisco
 dns 192.168.1.3 192.168.1.2
 wins 192.168.1.2
 domain bluphisolutions.com
 pool VPNpool
crypto isakmp profile VPNclient
 match identity group VPNgroup
 client authentication list clientauth
 isakmp authorization list groupauth
 client configuration address respond
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map DynVPNmap 5
 set transform-set ESP-3DES-SHA
 set isakmp-profile VPNclient
!
!
crypto map VPNmap 1 ipsec-isakmp dynamic DynVPNmap
!
!
!
!
!
interface Loopback0
 ip address 192.168.10.1 255.255.255.255
!
interface FastEthernet0/0
 description WAN
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map VPNmap
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.1.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Ethernet1/0
 no ip address
 shutdown
 half-duplex
!
ip local pool VPNpool 192.168.10.2 192.168.10.254
ip http server
no ip http secure-server
ip classless
!
!
ip nat inside source list NAT interface FastEthernet0/0 overload
!
!
ip access-list extended NAT
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.1.0 0.0.0.255 any
logging facility syslog
logging 192.168.1.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 logging synchronous
!
ntp clock-period 17179883
ntp server 192.43.244.18
!
end

Reply to
Mike jones

You need to remove the 192.168.10.0 statement in your NAT ACL; it should not be there.

Reply to
Brian V
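
An added example (not from the thread) that models first-match evaluation of the NAT ACL to show which flows the overload rule would translate, comparing the posted ACL with a revised one. Assumptions: the router applies inside-source NAT to LAN traffic leaving FastEthernet0/0 before the crypto map is checked; the revised ACL drops the 192.168.10.0 line as the reply says and adds a `deny` for LAN-to-pool traffic, a common NAT-exemption form that is not in the thread; the host addresses are constructed.

```python
import ipaddress

# NAT ACL exactly as posted in the thread.
POSTED_ACL = """
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
"""

# Assumed revision: 192.168.10.0 line removed (per the reply), plus an added
# deny that exempts LAN -> VPN pool traffic from NAT (not from the thread).
REVISED_ACL = """
deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
"""

# Constructed sample flows (source, destination) leaving the LAN interface.
FLOWS = {
    "lan_to_internet": ("192.168.1.10", "192.0.2.80"),
    "lan_to_vpn_client": ("192.168.1.10", "192.168.10.5"),
}

def parse_acl(text):
    """Parse 'permit|deny ip <src> <wildcard>|any <dst> <wildcard>|any' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest, nets = tok[0], tok[2:], []   # tok[1] is the protocol
        while rest:
            if rest[0] == "any":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            else:
                # ipaddress accepts the IOS wildcard (host mask) form directly
                nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
                rest = rest[2:]
        rules.append((action, nets[0], nets[1]))
    return rules

def is_translated(rules, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False

def report(acl_text):
    """Map each sample flow to whether the overload rule would NAT it."""
    rules = parse_acl(acl_text)
    return {name: is_translated(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    print("posted :", report(POSTED_ACL))
    print("revised:", report(REVISED_ACL))
```

With the posted ACL, replies from a LAN host to a VPN client match the second permit and are translated to the WAN address; with the revised ACL only Internet-bound traffic is translated.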
