Remote VPN Issues Please help

Hi,

I have set up remote VPN access to use with the Cisco remote VPN client software. I can connect and authenticate, but that's it: once connected I cannot access any resources and cannot ping any clients inside the network. I know it's something stupid I'm missing, but my head is sore from banging it against the wall. Please help, config below:

Current configuration : 5988 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C837CON-SS-S1-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authorization network remotevpn local
aaa session-id common
!
resource manager
!
ip subnet-zero
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
ip name-server 210.15.254.240
ip name-server 210.15.254.241
no ip ips deny-action ips-interface
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
 ip mtu adjust
!
!
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local vpnpool
!
crypto isakmp client configuration group remotevpn
 key XXXXXXXXXXXXXXXX
 pool vpnpool
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 1
 set transform-set ESP-3DES-MD5
 reverse-route
!
!
crypto map dymap 1 ipsec-isakmp dynamic dynmap
!
crypto map dynmap isakmp authorization list remotevpn
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
interface Ethernet0
 ip address 192.168.24.1 255.255.248.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 no cdp enable
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 244 in
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 2
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXXXXXXXXXXXXXXX
 ppp chap password 7 XXXXXXXXXXXXXXXXXXXXXXXXX
 crypto map dynmap
!
ip local pool vpnpool 192.168.254.1 192.168.254.20
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 permit tcp any host 192.168.24.1 eq telnet
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq 443
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq ftp
access-list 100 permit udp any any eq domain
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp host 192.168.24.2 any eq 500
access-list 100 permit udp host 192.168.24.2 any eq isakmp
access-list 100 permit tcp any any eq 4899
access-list 100 permit tcp host 192.168.24.3 any eq 500
access-list 100 permit udp host 192.168.24.3 any eq isakmp
access-list 100 permit udp any any eq 4899
access-list 101 deny tcp any any eq telnet
access-list 101 deny tcp any any eq domain
access-list 101 deny udp any any eq domain
access-list 101 deny tcp any any eq 55
access-list 101 deny udp any any eq 55
access-list 101 deny tcp any any eq 77
access-list 101 deny udp any any eq 77
access-list 101 deny tcp any any eq pim-auto-rp
access-list 101 deny udp any any eq pim-auto-rp
access-list 101 deny tcp any any eq www
access-list 101 deny tcp any any eq ftp-data
access-list 101 deny tcp any any eq ftp
access-list 101 deny tcp any any eq 22
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq 59
access-list 101 deny tcp any any eq finger
access-list 101 deny tcp any any eq pop3
access-list 101 deny tcp any any eq ident
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-ss
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 443
access-list 101 deny tcp any any eq 1080
access-list 101 deny tcp any any eq 8080
access-list 101 permit ip any any
dialer-list 2 protocol ip permit
no cdp run
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 password 7 XXXXXXXXXXXXXXXXXXXXXXX
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

Tomasz