I've been to a couple forums about my problem with no resolution yet. So here it is:
I can successfully VPN into my 2621. I can not access shares on the internal network. What I can do is ping all internal network clients from the VPN client. I can also ping VPN client from internal network. I can access a share on the VPN Client from the internal network, no problem. Can not access ANY resources on the internal network from the VPN client. Set up internal FTP and Web services and I cant access them either. This is what I have tried.
-removing all acl's
-creating acl's for eth 0/0 and 0/1 permit ip any any
-using VPN client 3.6 and 4.6
-tried with windows 2000 and XP in workgroup and domain scenarios
-tried different acl configurations with no success. I am running out of ideas.
Here is my running config: version 12.3 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname 2621 ! boot-start-marker boot-end-marker ! enable password 7 121A17004B181402647A ! username steve password 7 000606080E5208071B6F1D clock timezone PST -8 clock summer-time PDT recurring aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local aaa session-id common ip subnet-zero ! ! no ip domain lookup ! ip inspect max-incomplete high 1100 ip inspect one-minute high 1100 ip inspect name FastEthernet_0_1 tcp ip inspect name FastEthernet_0_1 udp ip inspect name FastEthernet_0_1 cuseeme ip inspect name FastEthernet_0_1 ftp ip inspect name FastEthernet_0_1 h323 ip inspect name FastEthernet_0_1 rcmd ip inspect name FastEthernet_0_1 realaudio ip inspect name FastEthernet_0_1 smtp ip inspect name FastEthernet_0_1 streamworks ip inspect name FastEthernet_0_1 vdolive ip inspect name FastEthernet_0_1 sqlnet ip inspect name FastEthernet_0_1 tftp ip audit notify log ip audit po max-events 100 ! ! ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group 3000client key xxxxxx dns 192.168.10.10 wins 192.168.10.10 domain xxx.xxx pool ippool acl 108 ! ! crypto ipsec transform-set myset esp-3des esp-sha-hmac ! crypto dynamic-map dynmap 10 set transform-set myset ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 description connected to Outside ip address 66.159.195.125 255.255.255.0 ip access-group 101 in ip nat outside duplex auto speed auto crypto map clientmap ! interface FastEthernet0/1 description connected to Inside ip address 192.168.10.1 255.255.255.0 ip access-group 100 in ip nat inside ip inspect FastEthernet_0_1 in duplex auto speed auto ! ip local pool ippool 192.168.50.10 192.168.50.20 ip nat inside source list 199 interface FastEthernet0/0 overload ip http server no ip http secure-server ip classless ip route 0.0.0.0 0.0.0.0 66.159.xxx.x ! ! access-list 1 permit 192.168.10.0 0.0.0.255 access-list 100 permit ip any any access-list 101 permit udp host 200.23.51.205 any eq ntp access-list 101 permit udp host 216.218.254.202 any eq ntp access-list 101 permit udp any any eq isakmp access-list 101 permit ahp any any access-list 101 permit esp any any access-list 101 permit gre any any access-list 101 permit icmp any any echo-reply access-list 108 permit ip 192.168.10.0 0.0.0.255 192.168.50.0 0.0.0.255 access-list 108 permit ip 192.168.50.0 0.0.0.255 192.168.10.0 0.0.0.255 access-list 199 deny ip 192.168.10.0 0.0.0.255 192.168.50.0 0.0.0.255 access-list 199 permit ip 192.168.10.0 0.0.0.255 any ! ! ! ! ! ! line con 0 exec-timeout 0 0 password 7 000701115D4813004170 line aux 0 line vty 0 4 password 7 1414001C5517322D6A79 ! ntp clock-period 17208692 ntp source FastEthernet0/0 ntp server 216.218.254.202 ntp server 200.23.51.205 ! ! end