Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Configuring Easy VPN and standard VPN

Reply
Thread Tools

Configuring Easy VPN and standard VPN

 
 
Infocde
Guest
Posts: n/a
 
      03-04-2004
Hi,

I've made some time ago a little configuration on a 827 that permit to
connect to a VPN on another router and to accept Easy VPN client.
I don't know how but I've made some modification to my config and now it
doesn't work anymore.

I can establish the Easy VPN connection, but on the connected device, I
can't ping internal address.
I remember about an access-list to modify but I can find where.
Here is my configuration, so if someone can help me, it would be great.
Thx
Bob

================================================== ============0
Current configuration : 3836 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname gw
!
boot-start-marker
boot-end-marker
!
no logging buffered
no logging console
!
username abc password xxxxxxxxxxxxx
aaa new-model
!
!
aaa authentication login gtr line
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
ip name-server externalDNS
ip dhcp excluded-address x.y.z.w x.y.z.w
!
ip dhcp pool tre
import all
network internalIP 255.255.255.0
default-router internalGW
dns-server internalDNS
domain-name bob.com
netbios-node-type h-node
lease infinite
!
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp key sharedkey address VPN1_IP no-xauth
crypto isakmp key sharedkey address VPN2_IP no-xauth
!
crypto isakmp client configuration group bob
key bob
dns InternalDNS
domain bob.com
pool ippool
!
!
crypto ipsec transform-set dsltest esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set dsltest
!
!
crypto map test client authentication list userauthen
crypto map test isakmp authorization list groupauthor
crypto map test client configuration address respond
crypto map test 10 ipsec-isakmp
set peer VPN1_IP
set transform-set dsltest
match address 101
crypto map test 11 ipsec-isakmp
set peer VPN2_IP
set transform-set dsltest
match address 102
crypto map test 20 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
ip address InternalIP 255.255.255.0
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer1
ip address ExternalIP 255.255.255.0
ip mtu 1492
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
ppp authentication chap pap callin
crypto map test
!
ip local pool ippool InternalIP.200 InternalIP.250
ip nat inside source route-map nonat interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
access-list 1 permit InternalNetwork 0.0.0.255
access-list 23 permit InternalNetwork 0.0.0.255
access-list 101 permit ip InternalNetwork 0.0.0.255 VPN1_Network 0.0.0.255
access-list 102 permit ip InternalNetwork 0.0.0.255 VPN2_Network 0.0.0.255
access-list 105 deny ip InternalNetwork 0.0.0.255 VPN1_Network 0.0.0.255
access-list 105 permit ip InternalNetwork 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
match ip address 105
!
!
line con 0
exec-timeout 120 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end


 
Reply With Quote
 
 
 
 
John Rennie
Guest
Posts: n/a
 
      03-07-2004
I would turn on logging (use "logging buffered"). Then "sh log" should show
you what is being blocked.

JR

On Thu, 4 Mar 2004 22:20:23 +0100, "Infocde" <(E-Mail Removed)> wrote:

>Hi,
>
>I've made some time ago a little configuration on a 827 that permit to
>connect to a VPN on another router and to accept Easy VPN client.
>I don't know how but I've made some modification to my config and now it
>doesn't work anymore.
>
>I can establish the Easy VPN connection, but on the connected device, I
>can't ping internal address.

<snip>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN - Easy VPN Server (PIX 515) and Hardware Client (831 Router) Al Cisco 0 02-16-2005 08:15 PM
Cannot VPN to 1721 through Easy VPN Client mack Cisco 0 10-13-2004 01:15 PM
External DHCP for Easy Vpn Server 1712 VPN Client POL Cisco 0 09-10-2004 10:12 AM
easy to look at and easy to maintain web page menuing system. Hazzard ASP .Net 2 04-06-2004 03:51 AM
Easy VPN Server and Cisco VPN Client 4.0.3 Masud Reza Cisco 2 10-20-2003 06:12 PM



Advertisments