I have a Cisco 1760 router with IOS 12.4 connected to the Internet with a WIC-1ADSL card. It has a dynamic external IP address. The fastethernet 0/0 has ip address 192.168.1.254 and now I want to be able to log into the 1760 through the Internet with a VPN connection. I have changed the configuration to the one below, but I still am not able to log in, the Cisco VPN client starts making a connection, but it say in the end that it can not get access. Is there anything that I missed in this configuration? Thx Jeroen
c1760#sh run Building configuration...
Current configuration : 3618 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname c1760 ! boot-start-marker boot-end-marker ! enable password 7 1304191C020705 ! aaa new-model ! aaa authentication login my_userauthen local aaa authorization network my_groupauthor local ! aaa session-id common ! resource policy ! ip cef ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.254 ip dhcp excluded-address 192.168.1.1 192.168.1.20 ! ip dhcp pool my_dhcp network 192.168.1.0 255.255.255.0 dns-server 212.71.8.11 212.71.0.2 default-router 192.168.1.254 ! ip domain name dyndns.org ip host members.dyndns.org 63.208.196.96 ip name-server 212.71.8.11 ip name-server 212.71.0.2 ip ddns update method my_dyndns HTTP add http://xxx:xxx@/nic/update?system=dyndns&hostname=&myip= interval maximum 28 0 0 0 ! username xxx password xxx ! crypto isakmp policy 1 hash md5 authentication pre-share group 2 ! crypto isakmp client configuration group my_clientconfig key xxx pool my_vpnippool include-local-lan ! crypto ipsec transform-set my_trafoset esp-des esp-sha-hmac ! crypto dynamic-map my_dyncmap 10 set transform-set my_trafoset reverse-route ! crypto map my_cmap client authentication list my_userauthen crypto map my_cmap isakmp authorization list my_groupauthor crypto map my_cmap client configuration address respond crypto map my_cmap 10 ipsec-isakmp dynamic my_dyncmap ! interface ATM0/0 no ip address load-interval 30 no atm ilmi-keepalive dsl operating-mode auto pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0/0 ip address 192.168.1.254 255.255.255.0 ip nat inside ip virtual-reassembly speed auto ! interface Dialer0 ip ddns update hostname xxx.dyndns.org ip ddns update my_dyndns host members.dyndns.org ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname xxx@xxx ppp chap password xxx crypto map my_cmap ! ip local pool my_vpnippool 192.168.1.50 192.168.1.69 ip route 0.0.0.0 0.0.0.0 Dialer0 ! no ip http server no ip http secure-server ip nat inside source list 1 interface Dialer0 overload ip nat inside source static udp 192.168.1.221 10002 interface Dialer0
10002 ip nat inside source static udp 192.168.1.221 10001 interface Dialer0 10001 ip nat inside source static udp 192.168.1.221 10000 interface Dialer0 10000 ip nat inside source static udp 192.168.1.221 5060 interface Dialer0 5060 ip nat inside source static tcp 192.168.1.221 22 interface Dialer0 22 ip nat inside source static tcp 192.168.1.221 20 interface Dialer0 20 ip nat inside source static tcp 192.168.1.221 110 interface Dialer0 110 ip nat inside source static tcp 192.168.1.221 25 interface Dialer0 25 ip nat inside source static tcp 192.168.1.221 21 interface Dialer0 21 ip nat inside source static tcp 192.168.1.221 11888 interface Dialer0 11888 ip nat inside source static tcp 192.168.1.221 80 interface Dialer0 80 ip nat inside source static tcp 192.168.1.221 23 interface Dialer0 23 ip nat inside source route-map nonat interface Dialer0 overload ! logging 192.168.1.221 access-list 1 permit any access-list 100 permit ip any any dialer-list 1 protocol ip permit ! route-map nonat permit 10 match ip address 100 ! control-plane ! line con 0 line aux 0 line vty 0 4 password xxx ! end