I have tried numerous ACL variations, but whenever I connect via Cisco VPN client software I can only ping the router - no internal IPs. Can someone take a look and revert?
version 12.4
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname evocap-nyc0
!
boot-start-marker
boot-end-marker
!
logging buffered 50000 warnings
no logging rate-limit
no logging console
enable password netq
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
!
!
ip cef
no ip dhcp conflict logging
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip dhcp-server 192.168.1.1
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username sean privilege 15 password 0 j^Mn0)*
username netq privilege 15 password 0 netq
username user password 0 cisco
!
!
no ip ftp passive
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key ClownToClown address 206.81.255.74
!
crypto isakmp client configuration group evo
key l3tm31n!
dns 192.168.1.5
domain evocapman.com
pool vpnusers
acl 104
!
!
crypto ipsec transform-set officeVPN esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 1
set transform-set myset
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ipsec-isakmp dynamic dynmap
!
crypto map officeVPN 10 ipsec-isakmp
set peer 206.81.255.74
set transform-set officeVPN
match address 110
!
!
!
!
interface Loopback0
ip address 192.169.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0
ip address 208.105.16.234 255.255.255.248
ip nat outside
ip virtual-reassembly
ip policy route-map VPN-Client
duplex auto
speed auto
crypto map clientmap
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
!
ip local pool vpnusers 10.10.10.100 10.10.10.199
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 208.105.16.233
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 103 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.6 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.1.6 110 interface GigabitEthernet0/0 110
ip nat inside source static tcp 192.168.1.6 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 192.168.1.6 25 interface GigabitEthernet0/0 25
ip nat inside source static tcp 192.168.1.6 21 interface GigabitEthernet0/0 21
ip nat inside source static 192.168.1.6 208.105.16.237
ip nat inside source static 192.168.1.5 208.105.16.238
!
ip access-list extended sean
permit tcp any gt 1023 any eq smtp
permit tcp any gt 1023 any eq www
permit tcp any gt 1023 any eq pop3
!
access-list 102 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 150 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 150 permit ip 192.168.0.0 0.0.255.255 any
access-list 154 permit ip any any
access-list 161 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^CC
##########################################################################
# #
# *** AUTHORIZED USERS ONLY *** #
# #
# This is a private network. #
# The unauthorized access, use or modification of this device, #
# network, the data contained herein, or in transit to and from #
# is a violation of federal, state, and local laws. #
# You must have explicit permission to configure the device or #
# or access the network. All activities on this device are #
# logged and the network is monitored. Persons violating the #
# system shall be prosecuted to the fullest extent permitted #
# by law. #
##########################################################################
^C
!
line con 0
line aux 0
password frank
no flush-at-activation
line vty 0 4
exec-timeout 60 0
privilege level 15
password input ssh
no flush-at-activation
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180871
ntp server 199.125.189.34
!
end
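A cross-reference check over the configuration above, as an added example that is not part of the original post: it flags numbered ACLs and route-maps that are referenced but never defined, and referenced ACLs that contain no permit entry. The `lint` function and its patterns are illustrative and handle only numbered ACLs; the embedded excerpt is copied from the post.

```python
import re

# Excerpt copied from the configuration in the post (not the full config).
CONFIG = """\
crypto isakmp client configuration group evo
 pool vpnusers
 acl 104
crypto map officeVPN 10 ipsec-isakmp
 match address 110
interface GigabitEthernet0/0
 ip policy route-map VPN-Client
ip nat inside source list 103 interface GigabitEthernet0/0 overload
access-list 103 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
"""

# Lines that reference a numbered ACL: split-tunnel, crypto map, dynamic NAT.
ACL_REF = re.compile(r"(?:acl|match address|ip nat inside source list) (\d+)\b")

def lint(config):
    """Return findings for dangling references and ACLs that permit nothing."""
    actions, acl_refs = {}, {}        # ACL number -> actions seen / first referrer
    rmap_defs, rmap_refs = set(), {}  # defined route-maps / name -> first referrer
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\d+) (permit|deny)\b", line):
            actions.setdefault(m[1], set()).add(m[2])
        elif m := ACL_REF.match(line):
            acl_refs.setdefault(m[1], line)
        elif line.startswith("route-map "):
            rmap_defs.add(line.split()[1])
        elif m := re.search(r"\broute-map (\S+)", line):
            rmap_refs.setdefault(m[1], line)
    findings = []
    for num, ref in sorted(acl_refs.items()):
        if num not in actions:
            findings.append(f"ACL {num} is referenced by '{ref}' but not defined")
        elif "permit" not in actions[num]:  # implicit deny ends every ACL
            findings.append(f"ACL {num} ('{ref}') has no permit entry")
    for name, ref in sorted(rmap_refs.items()):
        if name not in rmap_defs:
            findings.append(f"route-map {name} is referenced by '{ref}' but not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(CONFIG)))
```

On this excerpt the check reports ACL 104 (the ACL named in the `evo` client group) as having no permit entry and `VPN-Client` as a route-map that is applied to GigabitEthernet0/0 but not defined.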