Hi,
I am trying to set up a Cisco 2651 router to allow remote users to connect via Cisco VPN client 4.0.1 and be able to access resources on the internal network.
I am using IOS 12.3(8)T
The basic setup is:
VPN CLIENT (behind NAT) ----- Internet ------ DSL modem ---- 2651 Router ---- local users
The 2651 dials the PPPoE to obtain my connection to the ISP (I do not have a static IP).
The VPN clients receive 192.168.2.X addresses and local users receive 192.168.15.X addresses. I have no problem getting the VPN clients to authenticate, but after this I cannot pass any traffic on the local network or on the internet.
I have tried so many combinations of ACLs (I removed most of them now to make things cleaner to read) and I'm not sure if NAT is also causing any problems.
My config is below, thanks in advance! n2c
Router>enable
Router#show run
Building configuration...

Current configuration : 3471 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
username XXXXX password 0 XXXXXX
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
aaa authentication login userlist local
aaa authorization network grouplist local
aaa session-id common
ip subnet-zero
!
ip cef
no ip domain lookup
ip ips po max-events 100
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
no ftp-server write-enable
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group XXXXXX
 key XXXXXX
 pool vpnpoolTEST
!
crypto ipsec transform-set TRANS esp-aes esp-md5-hmac
!
crypto dynamic-map MAP1 1
 set transform-set TRANS
!
crypto map MAP1 client authentication list userlist
crypto map MAP1 isakmp authorization list grouplist
crypto map MAP1 client configuration address respond
crypto map MAP1 1 ipsec-isakmp dynamic MAP1
!
interface FastEthernet0/0
 no ip address
 shutdown
 speed auto
 full-duplex
!
interface FastEthernet0/1
 no ip address
 shutdown
 speed auto
 full-duplex
!
interface Ethernet1/0
 no ip address
 ip tcp adjust-mss 1452
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 ip address 192.168.15.21 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 full-duplex
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxx
 ppp chap password 0 xxxxxxx
 ppp pap sent-username xxxxxxx password 0 xxxxxx
 crypto map MAP1
!
ip local pool vpnpoolTEST 192.168.2.50 192.168.2.65
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 Ethernet1/1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.15.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
end
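
An added check, not part of the original post: it tests the NAT suspicion raised above by parsing the NAT, pool and ACL lines and reporting inside subnets whose replies to VPN pool addresses match the overload rule. It assumes IOS applies inside-to-outside NAT before the crypto map check and that numbered standard ACLs match on source address only; the function names and the trimmed CONFIG excerpt are constructed for illustration.

```python
import ipaddress

# Constructed excerpt: only the NAT, pool and ACL lines of the posted config.
CONFIG = """\
interface Ethernet1/3
 ip address 192.168.15.21 255.255.255.0
 ip nat inside
ip local pool vpnpoolTEST 192.168.2.50 192.168.2.65
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.15.0 0.0.0.255
"""

def is_standard_acl(acl_id):
    """Numbered standard ACLs (1-99, 1300-1999) match on source address only."""
    return acl_id.isdigit() and (1 <= int(acl_id) <= 99 or 1300 <= int(acl_id) <= 1999)

def nat_translated_vpn_replies(config):
    """Return (inside_subnet, pool_name) pairs whose replies to VPN clients
    match the NAT rule because a source-only ACL cannot exempt the pool."""
    nat_acl, permits, pools, inside, last_net = None, {}, [], [], None
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) == 4:
            last_net = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w == ["ip", "nat", "inside"] and last_net is not None:
            inside.append(last_net)          # subnet of a NAT inside interface
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_acl = w[5]
        elif w[:1] == ["access-list"] and len(w) == 5 and w[2] == "permit":
            # ipaddress accepts Cisco wildcard (host) masks directly
            permits.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))
        elif w[:3] == ["ip", "local", "pool"] and len(w) == 6:
            pools.append(w[3])
        elif w[:1] == ["interface"]:
            last_net = None                  # new interface block starts
    if nat_acl is None or not is_standard_acl(nat_acl):
        return []                            # extended ACLs can carry an exemption
    return [(str(net), pool) for net in inside for pool in pools
            if any(net.subnet_of(p) for p in permits.get(nat_acl, []))]

if __name__ == "__main__":
    for net, pool in nat_translated_vpn_replies(CONFIG):
        print(f"{net} -> pool {pool}: replies match the NAT ACL and are translated")
```

A non-empty result means traffic from that subnet toward the pool is rewritten to the Dialer1 address before IPsec sees it, so it no longer looks like traffic for the VPN client.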