Hi, I would like to test a VPN connection with a cisco 851 and a remote PC (win XP and a Cisco VPN client Ver. 4.8.01.0300). All seams works fine but when the remote PC is connected it isn't able to reach the network that is "behind" the cisco router. I read some Cisco documentation but I don't understand what is wronged in my config. Thanks for any help. Stefano
hostname TEST_VPNCLIENTR01 ! boot-start-marker boot-end-marker ! logging buffered 51200 debugging logging console critical enable secret 5 XXXXXXXXXXXXXXXX enable password 7 XXXXXXXXXXXXX ! aaa new-model
! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 local ! aaa session-id common ! resource policy ! memory-size iomem 15 clock timezone PCTime 1 clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00 no ip source-route ! ! ip cef ip tcp synwait-time 10 no ip bootp server no ip domain lookup ip domain name mend.it ip ssh time-out 60 ip ssh authentication-retries 2 ! ! crypto pki trustpoint TP-self-signed-214268660 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-214268660 revocation-check none rsakeypair TP-self-signed-214268660 ! !
username administrator privilege 15 secret 5 XXXXXXXXXXXXXX username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXX username PAPERINO secret 5 XXXXXXXXXXXXXXXXX ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group GRUPPOVPN key XXXXXXXXX dns 172.24.50.20 213.140.2.43 domain pippo.it pool VPN_POOL ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto dynamic-map VPN_DYNMAP_1 1 set transform-set ESP-3DES-SHA reverse-route ! ! crypto map VPN_CRYPTO_MAP client authentication list sdm_vpn_xauth_ml_1 crypto map VPN_CRYPTO_MAP isakmp authorization list sdm_vpn_group_ml_1 crypto map VPN_CRYPTO_MAP client configuration address respond crypto map VPN_CRYPTO_MAP 65535 ipsec-isakmp dynamic VPN_DYNMAP_1 ! ! ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 description OUTSIDE ip address 172.17.2.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly ip route-cache flow duplex auto speed auto crypto map VPN_CRYPTO_MAP ! interface Vlan1 description INSIDE ip address 172.24.50.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1452 ! ip local pool VPN_POOL 172.24.50.211 172.24.50.221 ip route 0.0.0.0 0.0.0.0 172.17.2.4 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map RMAP_NAVIGAZIONE interface FastEthernet4 overload ip nat inside source static tcp 172.24.50.20 3389 interface FastEthernet4 3389 ! logging trap debugging
access-list 1 permit 172.24.50.0 0.0.0.255
access-list 100 deny ip any host 172.24.50.211 access-list 100 deny ip any host 172.24.50.212 access-list 100 deny ip any host 172.24.50.213 access-list 100 deny ip any host 172.24.50.214 access-list 100 deny ip any host 172.24.50.215 access-list 100 deny ip any host 172.24.50.216 access-list 100 deny ip any host 172.24.50.217 access-list 100 deny ip any host 172.24.50.218 access-list 100 deny ip any host 172.24.50.219 access-list 100 deny ip any host 172.24.50.220 access-list 100 deny ip any host 172.24.50.221 access-list 100 permit ip 172.24.50.0 0.0.0.255 any no cdp run
route-map RMAP_NAVIGAZIONE permit 1 match ip address 100
VERSIONE Cisco 851
ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE
TEST_VPNCLIENTR01 uptime is 17 hours, 16 minutes System returned to ROM by power-on System image file is "flash:c850-advsecurityk9-mz.124-9.T.bin"