Hi,
I've stared at this for too long and need a fresh set of eyes to hopefully point me in the right direction. This router is performing PAT for internet access and I'm trying to enable it as an EZVPN server. Using the VPN client, I'm able to connect and bring up the tunnel. However, once I'm in, I cannot pass traffic or ping the router LAN interface (on the same subnet). Any thoughts?
Thanks for your help,
Spencer Teran

version 12.3
no parser cache
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname igw
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret xxx
!
username xxx password xxx
username zzz password zzz
aaa new-model
!
aaa authorization network biotxvpn local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
no ip domain lookup
ip domain name blah.blah
ip name-server public.ip
!
ip audit po max-events 100
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local dynpool
!
crypto isakmp client configuration group biotxvpn
 key password
 dns 192.168.0.11
 wins 192.168.0.11
 domain same.as.internal.hosts
 pool dynpool
!
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set transform-1
 reverse-route
!
crypto map dynmap isakmp authorization list biotxvpn
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
interface Loopback0
 ip address 209.x.x.x 255.255.255.255
 ip nat outside
 crypto map dynmap
!
interface FastEthernet0/0
 description Ethernet LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 crypto map dynmap
!
interface Serial0/0
 description Internet WAN
 ip address 10.0.36.170 255.255.255.252
 ip nat outside
 encapsulation ppp
 no fair-queue
 service-module t1 timeslots 1-24
 crypto map dynmap
!
ip local pool dynpool 192.168.0.100 192.168.0.120
ip nat inside source list 1 interface Loopback0 overload
ip nat inside source static tcp 192.168.0.68 80 209.z.z.z 80 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 password xxx
!
end