VPN Troubles

I think I am losing my mind. Does anyone see why this VPN does not respond?

There are no errors on connection attempts. Logs say that it simply never responds.

Thanks in advance

!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXXXX
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen group radius
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW ftp
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name xxxxxxx
ip name-server 192.168.0.230
ip name-server X.X.100.20
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-11055325
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-11055325
 revocation-check none
 rsakeypair TP-self-signed-11055325
!
!
crypto pki certificate chain TP-self-signed-11055325
 certificate self-signed 01
  4C4BD0CB E6E38908 B957376D E7E418B4 E3C70203 696CABB4 556A8ED6 757A9EE8
  0E2B0576 1BFEF8C2 A77C83EA 5B79191C EC8D860C F22C9755 FF602F83 DD5E3781
  21FC0838 AD14C703 BD1D1808 679336
  quit
username admin privilege 15 secret 5 $1$wlL/
!
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp client configuration group DESCO
 key XXXX55%
 dns 192.168.X.X 192.168.X.X
 domain XXXX.local
 pool desco-dynamic-vpn-pool
 acl desco_vpn_clients_acl
!
!
crypto ipsec transform-set strongest esp-aes 256 esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set strongest
!
!
crypto map vpn-master-map client authentication list userauthen
crypto map vpn-master-map isakmp authorization list groupauthor
crypto map vpn-master-map client configuration address respond
crypto map vpn-master-map 65535 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$ETH-LAN$$FW_INSIDE$
 ip address 192.168.XXXX 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/1/0
 ip address X.X.X.62 255.255.255.252 secondary
 ip address X.X.X.98 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect SDM_LOW in
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 service-module t1 timeslots 13-24
 crypto map vpn-master-map
!
ip local pool desco-dynamic-vpn-pool 192.168.5.2 192.168.5.75
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.61 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool IPPool X.X.X.101 X.X.X102 netmask 255.255.255.248
ip nat inside source list NatRule interface Serial0/1/0 overload
ip nat inside source static tcp 192.168.0.221 21 72.236.136.98 21 extendable
ip nat inside source static tcp 192.168.0.230 25 72.236.136.98 25 extendable
ip nat inside source static tcp 192.168.0.230 80 72.236.136.98 80 extendable
ip nat inside source static tcp 192.168.0.230 110 72.236.136.98 110 extendable
ip nat inside source static tcp 192.168.0.230 443 72.236.136.98 443 extendable
ip nat inside source static tcp 192.168.0.214 3389 72.236.136.98 3389 extendable
ip nat inside source static tcp 192.168.0.90 5500 72.236.136.98 5500 extendable
ip nat inside source static tcp 192.168.0.91 5501 72.236.136.98 5501 extendable
ip nat inside source static tcp 192.168.0.92 5502 72.236.136.98 5502 extendable
ip nat inside source static tcp 192.168.0.93 5503 72.236.136.98 5503 extendable
ip nat inside source static tcp 192.168.0.94 5504 72.236.136.98 5504 extendable
ip nat inside source static tcp 192.168.0.95 5505 72.236.136.98 5505 extendable
ip nat inside source static tcp 192.168.0.96 5506 72.236.136.98 5506 extendable
ip nat inside source static tcp 192.168.0.97 5507 72.236.136.98 5507 extendable
ip nat inside source static tcp 192.168.0.98 5508 72.236.136.98 5508 extendable
ip nat inside source static tcp 192.168.0.99 5509 72.236.136.98 5509 extendable
ip nat inside source static tcp 192.168.0.100 5510 72.236.136.98 5510 extendable
ip nat inside source static tcp 192.168.0.14 6051 72.236.136.98 6051 extendable
ip nat inside source static tcp 192.168.0.94 6055 72.236.136.98 6055 extendable
ip nat inside source static tcp 192.168.0.21 6091 72.236.136.98 6091 extendable
ip nat inside source static tcp 192.168.0.209 6723 72.236.136.98 6723 extendable
ip nat inside source static tcp 192.168.0.209 8080 72.236.136.98 8080 extendable
ip nat inside source static tcp 192.168.0.208 8081 72.236.136.98 8081 extendable
ip nat inside source static tcp 192.168.0.223 25 72.236.136.99 25 extendable
ip nat inside source static tcp 192.168.0.222 80 72.236.136.99 80 extendable
ip nat inside source static tcp 192.168.0.223 110 72.236.136.99 110 extendable
ip nat inside source static tcp 192.168.0.223 143 72.236.136.99 143 extendable
ip nat inside source static tcp 192.168.0.222 443 72.236.136.99 443 extendable
ip nat inside source static tcp 192.168.0.222 6090 72.236.136.99 6090 extendable
!
ip access-list standard NatRule
 permit X.X.X.0 0.0.0.255
!
ip access-list extended desco_vpn_clients_acl
 permit ip X.X.X.0 0.0.0.255 X.X.X.0 0.0.0.255
!
logging trap debugging
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip X.X.X.60 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit esp any any
access-list 101 permit udp any eq non500-isakmp any
access-list 101 permit udp any eq isakmp any
access-list 101 permit gre any any
access-list 101 permit tcp any any eq 6723
access-list 101 permit tcp any any eq 6050
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any range 5500 5510
access-list 101 permit tcp any any eq 8081
access-list 101 permit tcp any any eq 8080
access-list 101 permit tcp any any eq 6051
access-list 101 permit tcp any any eq 6091
access-list 101 permit tcp any any eq 6090
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq 6055
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any host 72.236.132.62 echo-reply
access-list 101 permit icmp any host 72.236.132.62 time-exceeded
access-list 101 permit icmp any any
access-list 101 permit icmp any host 72.236.132.62 unreachable
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
snmp-server community public RO
no cdp run
!
radius-server host 192.168.0.230 auth-port 1645 acct-port 1646 key 7 111X.X.X
!
control-plane
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
end
minoad
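
A consistency check over the configuration posted above, as an added example that is not part of the original post: it cross-references the AAA method lists named by `crypto map` statements against the `aaa` lists actually defined. The function name `undefined_aaa_lists` is hypothetical, and the mapping of `isakmp authorization list` to `aaa authorization network` is an assumption based on the usual IOS Easy VPN server setup.

```python
import re

# Assumption: AAA list type each crypto-map reference expects
# (usual IOS Easy VPN server usage).
REFERENCES = {
    "client authentication list": "authentication login",
    "isakmp authorization list": "authorization network",
}


def undefined_aaa_lists(config: str):
    """Return sorted (aaa_type, list_name, crypto_map) for dangling references."""
    defined = set()
    referenced = []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa (authentication login|authorization network) (\S+)", line)
        if m:
            defined.add((m.group(1), m.group(2)))
            continue
        m = re.match(
            r"crypto map (\S+) "
            r"(client authentication list|isakmp authorization list) (\S+)",
            line,
        )
        if m:
            referenced.append((REFERENCES[m.group(2)], m.group(3), m.group(1)))
    return sorted(r for r in referenced if (r[0], r[1]) not in defined)


# AAA and crypto map lines copied from the configuration posted above.
POSTED = """\
aaa new-model
aaa authentication login default local
aaa authentication login userauthen group radius
aaa authorization exec default local
crypto map vpn-master-map client authentication list userauthen
crypto map vpn-master-map isakmp authorization list groupauthor
crypto map vpn-master-map client configuration address respond
crypto map vpn-master-map 65535 ipsec-isakmp dynamic dynmap
"""

if __name__ == "__main__":
    for aaa_type, name, cmap in undefined_aaa_lists(POSTED):
        print(f"crypto map {cmap}: no 'aaa {aaa_type} {name}' defined")
```

On the posted lines the check reports `groupauthor`: the crypto map references it, but no list of that name appears among the `aaa` statements.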