Cisco vpn client to Cisco 837 problem

 
 
maurice
Guest
Posts: n/a
 
      12-28-2004
Hi,

I am having trouble solving this issue and would like to get your help.

I am trying to set up a remote access VPN with the Cisco client software to a
Cisco 837 VPN server. I can only get the tunnel up; I am not
able to ping the router Ethernet interface or any of the computers on the LAN
site.

cisco client 4.0.2b--------Internet--------ADSL_Cisco 837_vpn_server-------LAN_Windows2003_terminal_server



Building configuration...

Current configuration : 3499 bytes

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname cisco837

boot-start-marker

boot-end-marker

logging buffered 51200 warnings

enable secret 5 xxxxxxxxxxx
!

username admin privilege 15 password 0 XXXXXX
username vpnuser secret 5 xxxxxxxxx

clock timezone PCTimeZone 11

aaa new-model

aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network grouplist local

aaa session-id common

ip subnet-zero

no ip source-route

no ip domain lookup
ip domain name xxxxx.nc
ip name-server 202.171.yy.x
ip name-server 202.171.yy.x
!

ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable

crypto isakmp policy 1

authentication pre-share

crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group vegavpn
key xxxxxxx
domain xxxxxx.nc
pool vpnclients
acl 106

crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac

crypto dynamic-map vpnusers 1

description Client to Site VPN Users

set transform-set tr-des-md5

crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers

interface Ethernet0

description $ETH-LAN$

ip address 192.168.10.254 255.255.255.0
ip access-group 102 in
ip nat inside
ip tcp adjust-mss 1452
hold-queue 100 out

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto

interface ATM0.1 point-to-point
pvc 8/35
ubr 250
pppoe-client dial-pool-number 1

interface Dialer0

ip address negotiated
ip access-group 101 in
ip mtu 1452
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname (E-Mail Removed)
ppp chap password 0 XXXXX
crypto map cm-cryptomap

ip local pool vpnclients 192.168.10.220 192.168.10.225
ip nat inside source route-map nonat interface Dialer0 overload

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0

ip http server
ip http authentication local
ip http secure-server

access-list 1 remark The local LAN.

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 101 permit ip any any

access-list 102 permit ip any any

access-list 105 remark Traffic to NAT
access-list 105 deny ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 105 permit ip 192.168.10.0 0.0.0.255 any

access-list 106 remark User to Site VPN Clients
access-list 106 permit ip 192.168.10.0 0.0.0.255 any

dialer-list 1 protocol ip permit

route-map nonat permit 10
match ip address 105

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
privilege level 15
transport preferred all
transport input telnet ssh
transport output all

scheduler max-task-time 5000

end
 
 
 
 
 
Ravikumar Eswaran
Guest
Posts: n/a
 
      01-07-2005
Hi,

Configure the command "reverse-route injection" under "crypto
dynamic-map vpnusers 1".

Alternatively, you can clean up your config and use Cisco SDM
(Security Device Manager) to configure the Easy VPN Server.

www.cisco.com/go/sdm


-Ravikumar
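
The change suggested in the reply, written against the posted configuration as an added example (not part of either post). It assumes the IOS keyword for reverse route injection is `reverse-route`. It also goes beyond the reply by replacing the weak crypto and management settings visible in the posted config; `<new-password>` is a placeholder.

```cisco
! Added example. Names (vpnusers, tr-des-md5, tr-3des-sha, tr-null-sha)
! are taken from the posted config.
!
! As posted, the dynamic map negotiates single DES with MD5 and installs
! no route toward the address assigned to the client:
!   crypto dynamic-map vpnusers 1
!    set transform-set tr-des-md5
!
! Revised entry: the reply's suggestion plus the 3DES/SHA transform set
! that the posted config already defines.
crypto dynamic-map vpnusers 1
 description Client to Site VPN Users
 set transform-set tr-3des-sha
 reverse-route
!
! ISAKMP policy 1 as posted sets only the authentication method, so its
! other parameters fall back to the IOS defaults (assumed here to be DES
! and DH group 1). Removing it leaves policy 2 (3DES, group 2) as the
! only phase 1 proposal.
no crypto isakmp policy 1
!
! tr-null-sha (esp-null, no encryption) and the two DES transform sets
! are no longer referenced by any crypto map entry after the change above.
no crypto ipsec transform-set tr-null-sha
no crypto ipsec transform-set tr-des-md5
no crypto ipsec transform-set tr-des-sha
!
! Management plane: the posted config stores the privilege 15 password
! as type 0 (cleartext) and accepts telnet on the vty lines.
no username admin
username admin privilege 15 secret 0 <new-password>
!
! Assumes an RSA key pair already exists so that SSH logins work before
! telnet is turned off.
line vty 0 4
 transport input ssh
```

After a client connects, `show ip route static` should list a host route for the address assigned from the `vpnclients` pool, and the encaps/decaps counters in `show crypto ipsec sa` show whether traffic is flowing in both directions.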



