Hello all,
I have a problem with configuring remote access. Now I have BGP with 1 peer.
The BGP p2p address is 195.91.191.2/30 and my PI network is 191.181.81.0/23. I'd like Cisco VPN clients to be able to access the whole Internet via the router.
I read this:
and I made the config below, but I have a problem with access to the world. Access to my LAN is not stable. Some addresses from pool CLIENT_POOL2 answer correctly and some do not from the Cisco VPN client.
version 12.4
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN
 key secret_key
 dns 192.168.1.16
 wins 192.168.1.16
 pool CLIENT_POOL2
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 1
 set transform-set myset
 reverse-route
!
crypto map dynmap client authentication list userauthen
crypto map dynmap isakmp authorization list groupauthor
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/0
 description My LAN
 ip address 192.168.1.1 255.255.248.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan2
 description BGP peer
 ip address 191.181.81.129 255.255.255.128 secondary
 ip address 195.91.191.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip policy route-map VPN-Client
 crypto map dynmap
!
!
interface Vlan3
 description my PI address
 ip address 191.181.81.1 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
!
ip local pool CLIENT_POOL2 192.168.10.1 192.168.10.254
ip nat inside source list NAT interface Vlan2 overload
ip access-list extended NAT
 deny ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.0.0 0.0.255.255 any
!
route-map VPN-Client permit 10
 match ip address 144
 set interface Loopback0
!
access-list 144 permit ip 192.168.10.0 0.0.0.255 any
sh access-list 144
Extended IP access list 144
    10 permit ip 192.168.10.0 0.0.0.255 any (3885 matches)
sh access-lists NAT
Extended IP access list NAT
    20 permit ip 192.168.0.0 0.0.255.255 any (2757 matches)
thx for help
Ted
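
The two access lists in the posted configuration can be checked offline with a first-match evaluator. This is an added example, not part of the original post and not Cisco tooling; it models only ACL matching with wildcard masks (not interface direction, routing or the crypto map), and the function names and sample source addresses are constructed for illustration.

```python
import ipaddress

# ACL entries copied from the posted config: (action, network, wildcard mask)
ACL_NAT = [
    ("deny", "192.168.10.0", "0.0.0.255"),
    ("permit", "192.168.0.0", "0.0.255.255"),
]
ACL_144 = [("permit", "192.168.10.0", "0.0.0.255")]


def wildcard_match(addr, network, wildcard):
    """True when addr equals network in every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def evaluate(acl, src):
    """First matching entry wins; every ACL ends with an implicit deny.

    Returns (action, sequence number), using the default 10, 20, ... numbering.
    """
    for index, (action, network, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, network, wildcard):
            return action, index * 10
    return "deny", None


def classify(src):
    """Which of the posted lists permit this source address."""
    return {
        "matches_route_map_144": evaluate(ACL_144, src)[0] == "permit",
        "matches_nat_list": evaluate(ACL_NAT, src)[0] == "permit",
    }


if __name__ == "__main__":
    # Constructed sample sources: two pool addresses, a LAN host, the loopback
    for src in ("192.168.10.1", "192.168.10.254", "192.168.1.16", "10.11.0.1"):
        print(src, evaluate(ACL_NAT, src), classify(src))
```

Addresses from CLIENT_POOL2 match access list 144 but hit the deny entry of the NAT list before its permit, so the overload rule never selects them.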