Velocity Reviews


Beppe 07-08-2003 11:10 AM

problem with cisco 827 and cisco vpn client 3.6.3A
 
Hi all,

I'm trying to connect, via IPsec, a W2k PC with Cisco VPN Client 3.6.3A installed to a Cisco 827 router (IOS version 122-8.YJ). Is it possible to do so?
The router already has two IPsec connections to two other 827s, and they work well.
Now I'm trying to add the above situation by configuring the router (see the running-config below).

The Cisco VPN client points to the Loopback0 interface (111.111.111.111). The authentication works: I put in the username and password when requested and the connection becomes operative, but in the status on the VPN client I see secure connections 10.0.0.0 255.255.255.0 and the Loopback0 public IP address (e.g. 80.21.25.36 255.255.255.255), and in the other LAN routes nothing... Why?
I want my VPN client to see the internal LAN 10.0.0.0, but if I try to ping the e0 interface on the router or another PC client in the LAN, it doesn't work.
I've also selected "Allow Local LAN Access" in the Cisco VPN client properties, with no result, because on the VPN client status I still see Local LAN access disabled...
I don't know why.
Can anyone suggest something I can do to solve it?
Any idea is welcome.

Regards,
Beppe

Running-config (all the public addresses are fictitious)
!
version 12.2
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
!
username xxxxx password x xxxxxxxxxxxxxxxxx
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key xyz address 212.212.212.212
crypto isakmp key abc address 213.213.213.213
!
crypto isakmp client configuration group remote-client
key efg
pool clientpool
acl 118
!
!
crypto ipsec transform-set myset1 esp-des esp-md5-hmac
crypto ipsec transform-set myset2 esp-des esp-md5-hmac
crypto ipsec transform-set myset3 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset3
!
!
crypto map mymap local-address Loopback0
crypto map mymap client authentication list userauthen
crypto map mymap isakmp authorization list groupauthor
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp
set peer 212.212.212.212
set transform-set myset1
match address 115
crypto map mymap 20 ipsec-isakmp
set peer 213.213.213.213
set transform-set myset2
match address 116
crypto map mymap 30 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
ip address 111.111.111.111 255.255.255.248
ip nat outside
crypto map mymap
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip route-cache
ip tcp adjust-mss 1400
no ip mroute-cache
no keepalive
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 123.123.123.123 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip route-cache
no ip mroute-cache
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
crypto map mymap
!
ip local pool clientpool 10.0.2.1 10.0.2.254
ip nat pool natted 111.111.111.112 111.111.111.112 prefix-length 29
ip nat inside source route-map nonat pool natted overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
ip pim bidir-enable
!
!
access-list 115 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 116 permit ip 10.0.0.0 0.0.0.255 10.188.58.128 0.0.0.63
access-list 117 deny ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 117 deny ip 10.0.0.0 0.0.0.255 10.188.58.128 0.0.0.63
access-list 117 deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 117 permit ip 10.0.0.0 0.0.0.255 any
access-list 118 permit ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
no cdp run
!
route-map nonat permit 10
match ip address 117
!
radius-server retransmit 3
!
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
exec-timeout 120 0
password XXXXXXXXXXXXXXXX
length 0
!
scheduler max-task-time 5000
end



