Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > CISCO 851 -VPN CLIENT

Reply
Thread Tools

CISCO 851 -VPN CLIENT

 
 
stefano.codari@wpsit.net
Guest
Posts: n/a
 
      09-06-2006
Hi,
I would like to test a VPN connection with a cisco 851 and a remote PC
(win XP and a Cisco VPN client Ver. 4.8.01.0300).
All seams works fine but when the remote PC is connected it isn't able
to reach the network that is "behind" the cisco router.
I read some Cisco documentation but I don't understand what is wronged
in my config.
Thanks for any help.
Stefano


hostname TEST_VPNCLIENTR01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 XXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXX
!
aaa new-model

!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
memory-size iomem 15
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name mend.it
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-214268660
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-214268660
revocation-check none
rsakeypair TP-self-signed-214268660
!
!

username administrator privilege 15 secret 5 XXXXXXXXXXXXXX
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXX
username PAPERINO secret 5 XXXXXXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group GRUPPOVPN
key XXXXXXXXX
dns 172.24.50.20 213.140.2.43
domain pippo.it
pool VPN_POOL
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map VPN_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map VPN_CRYPTO_MAP client authentication list sdm_vpn_xauth_ml_1
crypto map VPN_CRYPTO_MAP isakmp authorization list sdm_vpn_group_ml_1
crypto map VPN_CRYPTO_MAP client configuration address respond
crypto map VPN_CRYPTO_MAP 65535 ipsec-isakmp dynamic VPN_DYNMAP_1
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description OUTSIDE
ip address 172.17.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map VPN_CRYPTO_MAP
!
interface Vlan1
description INSIDE
ip address 172.24.50.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip local pool VPN_POOL 172.24.50.211 172.24.50.221
ip route 0.0.0.0 0.0.0.0 172.17.2.4
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map RMAP_NAVIGAZIONE interface FastEthernet4
overload
ip nat inside source static tcp 172.24.50.20 3389 interface
FastEthernet4 3389
!
logging trap debugging

access-list 1 permit 172.24.50.0 0.0.0.255

access-list 100 deny ip any host 172.24.50.211
access-list 100 deny ip any host 172.24.50.212
access-list 100 deny ip any host 172.24.50.213
access-list 100 deny ip any host 172.24.50.214
access-list 100 deny ip any host 172.24.50.215
access-list 100 deny ip any host 172.24.50.216
access-list 100 deny ip any host 172.24.50.217
access-list 100 deny ip any host 172.24.50.218
access-list 100 deny ip any host 172.24.50.219
access-list 100 deny ip any host 172.24.50.220
access-list 100 deny ip any host 172.24.50.221
access-list 100 permit ip 172.24.50.0 0.0.0.255 any
no cdp run

route-map RMAP_NAVIGAZIONE permit 1
match ip address 100

VERSIONE Cisco 851

ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

TEST_VPNCLIENTR01 uptime is 17 hours, 16 minutes
System returned to ROM by power-on
System image file is "flash:c850-advsecurityk9-mz.124-9.T.bin"

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
is an 851 to 851 ipsec tunnel possible? Zedsquared Cisco 0 02-03-2010 07:34 PM
Cisco 851 as DHCP client to ISP Paul Cisco 2 01-07-2008 03:46 PM
FA: Cisco 851 VPN Firewall Router murphynev Cisco 2 10-17-2005 08:49 AM
FS: Cisco 851 Uk m0rk Cisco 0 07-10-2005 12:51 PM
cisco 851 qos jas0n Cisco 0 06-18-2005 11:58 AM



Advertisments