Hello,
I am managing a small network of 25 computers with 6 servers and a 2600 Cisco Router. I have configured the clients to connect (remote desktop) remotely using cisco vpn. 1 user has complained that she looses vpn connectivity every 60 minutes. Other users have complained that the remote vpn connection terminates unexpectedly. I have connected to the site and sometimes I get diconnected from the vpn. I connect again only to be disconnected again 30 sec later. Users have been successfully logging on to the network remotely in the past but sometimes the vpn teminates the connection. I have called Cisco about this and I have sent my configs to them and they say that all is well on the config side of things. Do i need to buy say a PIX and get rid of the 2600 router? Will the PIX improve connectivity? Also there are about 15 simultaneous vpn connections. Here are my configs:
CanHQ#sh runn Building configuration...
Current configuration : 4004 bytes ! version 12.2 service config service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname CanHQ ! enable secret 5 $1$iGoi$Fnx54FQmiqOb12B7L.5Hu1 enable password ! username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 username password 0 usernamepassword 0 username password 0 username password 0 username password 0 aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local aaa session-id common ip subnet-zero no ip source-route ! ! ip domain name canfornav ip name-server 198.235.216.131 ip name-server 198.235.216.130 no ip dhcp conflict logging ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 ! crypto isakmp client configuration group cangroup key cango10 dns 198.235.216.131 wins 192.168.1.113 domain blwing pool ourpool acl 101 ! ! crypto ipsec transform-set STRONG esp-des esp-md5-hmac ! crypto dynamic-map dynmap 10 set transform-set STRONG ! ! crypto map Cryptomap client authentication list userauthen crypto map Cryptomap isakmp authorization list groupauthor crypto map Cryptomap client configuration address initiate crypto map Cryptomap client configuration address respond crypto map Cryptomap 10 ipsec-isakmp dynamic dynmap ! ! ! ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface FastEthernet0/0 description connected to service provider's router ip address 206.47.215.138 255.255.255.248 ip nat outside no ip route-cache no ip mroute-cache speed 10 half-duplex crypto map Cryptomap ! interface FastEthernet0/1 description connected to lan ip address 192.168.1.254 255.255.255.0 ip nat inside no ip route-cache no ip mroute-cache ip policy route-map nonat duplex auto speed auto ! ip local pool ourpool 10.1.1.1 10.1.1.254 ip nat inside source list 103 interface FastEthernet0/0 overload ip nat inside source static tcp 192.168.1.250 25 206.47.215.139 25 extendable ip nat inside source static tcp 192.168.1.250 110 206.47.215.139 110 extendable ip classless ip route 0.0.0.0 0.0.0.0 206.47.215.137 no ip http server ip pim bidir-enable ! ! ip access-list extended addr-pool ip access-list extended default-domain ip access-list extended idletime ip access-list extended key-exchange ip access-list extended service ip access-list extended timeout ip access-list extended wins-servers ! logging trap debugging logging 192.168.1.249 access-list 101 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 102 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 103 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 103 permit ip 192.168.1.0 0.0.0.255 any dialer-list 1 protocol ip permit dialer-list 1 protocol ipx permit ! route-map nonat permit 10 match ip address 102 set ip next-hop 1.1.1.2 ! radius-server authorization permit missing Service-Type call rsvp-sync ! ! mgcp profile default ! ! ! dial-peer cor custom ! ! ! ! ! line con 0 exec-timeout 0 0 password line aux 0 line vty 0 4 exec-timeout 5 0 password ! ! end
CanHQ#