2651 and remote VPN client

Discussion in 'Cisco' started by Sergey Sokolov, Dec 2, 2004.

  1. I have 2651 and remote VPN client
    Client can successfully establish VPN to 2651 but nothing going thru this
    tunnel. In clients stats there are no incoming decrypted packets. In 2651 I've
    seen incoming packets but no replies. What wrong? (This cisco also make VPN
    tunnel with other one)

    2651 config:
    version 12.3
    username client password
    aaa new-model
    aaa authentication login userauthen local
    aaa session-id common

    crypto isakmp policy 3
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp policy 10
    hash md5
    authentication pre-share
    crypto isakmp key xxxx address xx.xx.xx.xx
    crypto isakmp nat keepalive 20
    !
    crypto isakmp client configuration group 3000client
    key xxxxxxxxxxxx
    dns 192.168.77.1
    wins 192.168.77.1
    domain xxx.xx
    pool ippool
    acl 111
    !
    !
    crypto ipsec transform-set M-Chel esp-des esp-md5-hmac
    !
    crypto dynamic-map dynmap 10
    set transform-set M-Chel
    !
    !
    crypto map TunnelMap client authentication list userauthen
    crypto map TunnelMap isakmp authorization list groupauthor
    crypto map TunnelMap client configuration address respond
    crypto map TunnelMap 1 ipsec-isakmp
    set peer xx.xx.xx.xx
    set transform-set M-Chel
    match address 110
    crypto map TunnelMap 10 ipsec-isakmp dynamic dynmap
    !
    !
    !
    interface FastEthernet0/0
    description Link to DMZ
    ip address xxx.xxx.xxx.252 255.255.255.224
    no ip route-cache
    no ip mroute-cache
    duplex auto
    speed auto
    no cdp enable
    no clns route-cache
    ip nat outside
    crypto map TunnelMap
    !
    interface FastEthernet0/1
    description Internal Network
    ip address 192.168.77.17 255.255.255.0
    no ip route-cache
    no ip mroute-cache
    duplex auto
    speed auto
    no cdp enable
    ip nat outside
    no clns route-cache
    !
    ip local pool ippool 192.168.10.1 192.168.10.50
    ip nat inside source list 1 interface FastEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx permanent
    !
    access-list 110 permit ip 192.168.77.0 0.0.0.255 host xx.xx.xx.xx
    access-list 111 permit ip 192.168.77.0 0.0.0.255 192.168.10.0 0.0.0.255
    Sergey Sokolov, Dec 2, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dmitry
    Replies:
    7
    Views:
    8,566
    saravanakumar
    Jun 9, 2009
  2. Replies:
    0
    Views:
    2,432
  3. pasatealinux
    Replies:
    1
    Views:
    2,038
    pasatealinux
    Dec 17, 2007
  4. Pflugerville98

    Cisco 2651 Config....Help!

    Pflugerville98, Mar 18, 2008, in forum: Hardware
    Replies:
    2
    Views:
    1,160
    whoswho
    Mar 20, 2008
  5. david
    Replies:
    0
    Views:
    637
    david
    Jul 25, 2012
Loading...

Share This Page