cisco 800 nat / vpn problem

Discussion in 'Cisco' started by rdob, Jun 11, 2009.

  1. rdob

    rdob

    Joined:
    Jun 11, 2009
    Messages:
    4
    Dear Community,

    I've got a great problem with a Cisco 800, everything works perfect, exept the following scenario. I connect via cisco software vpn client to the cisco 800, and do a ssh session to a server behind the cisco -> works, but if i try to ping from this server an internet host I do not get a response, It seems that the whole lan cannot access the internet.

    Here's my config, please try to help me, to get it run

    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname test
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    enable secret 5 $1$f1Aj$SKgHESHZBrkgdnt.GcT4d.
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authentication login userauthen local
    aaa authorization exec default local
    aaa authorization network groupauthor local
    !
    !
    aaa session-id common
    !
    crypto pki trustpoint TP-self-signed-3854444061
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3854444061
    revocation-check none
    rsakeypair TP-self-signed-3854444061
    !
    !
    crypto pki certificate chain TP-self-signed-3854444061
    certificate self-signed 01
    75AB5B1A AF20E22C ... 4508C23C 61D38400 1DD722C8 D270587B EFC04103 8C66
    quit
    dot11 syslog
    !
    dot11 ssid testssid
    vlan 1
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 supersecurewlanpassword
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.99
    ip dhcp excluded-address 192.168.1.254
    ip dhcp excluded-address 192.168.1.10
    !
    ip dhcp pool LANPool
    import all
    network 192.168.1.0 255.255.255.0
    domain-name office.cc
    dns-server 195.58.161.122
    default-router 192.168.1.254
    lease 14
    !
    ip cef
    ip name-server 195.58.160.194
    ip name-server 195.58.161.122
    !
    !
    !
    username admin privilege 15 password 0 cisco
    username vpnuser password 0 cisco
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp client configuration group vpngroup
    key ciscovpn
    dns 195.3.160.194
    domain office.cc
    pool VPNPool
    acl 120
    !
    !
    crypto ipsec transform-set strongset esp-3des esp-md5-hmac
    !
    crypto dynamic-map dynmap 10
    set transform-set strongset
    reverse-route
    !
    !
    crypto map clientmap client authentication list userauthen
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    !
    archive
    log config
    hidekeys
    !
    !
    ip ssh version 2
    !
    bridge irb
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    description $ETH-WAN$
    ip address 81.98.123.20 255.255.255.248
    ip access-group wan2lan in
    ip verify unicast reverse-path
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map clientmap
    crypto ipsec df-bit clear
    !
    interface Dot11Radio0
    no ip address
    !
    encryption vlan 1 mode ciphers tkip
    !
    broadcast-key vlan 1 change 45
    !
    !
    ssid oerv
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 192.168.1.254 255.255.255.0
    ip access-group lan2wan in
    ip nat inside
    ip virtual-reassembly
    !
    ip local pool VPNPool 192.168.2.0 192.168.2.100
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 85.124.158.49
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source route-map nonat interface FastEthernet4 overload
    ip nat inside source static tcp 192.168.1.10 22 81.98.123.20 2222 extendable
    !
    ip access-list extended lan2wan
    permit ip any any
    remark Lan -> Wan
    ip access-list extended wan2lan
    permit tcp any any eq 22
    permit udp any any eq isakmp
    permit esp any any
    permit tcp host 83.116.21.202 any eq 2222
    permit udp any any eq non500-isakmp
    remark Wan -> Lan
    deny ip any any
    !
    access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 110 permit ip 192.168.1.0 0.0.0.255 any
    access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    route-map nonat permit 10
    match ip address 110
    !
    !
    control-plane
    !
    bridge 1 route ip
    !
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    transport input all
    transport output all
    !
    scheduler max-task-time 5000
    sntp server 131.188.3.220
    end
     
    rdob, Jun 11, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Allan Wilson

    VPN, from nat without VPN to nat with it

    Allan Wilson, Jul 5, 2004, in forum: Cisco
    Replies:
    1
    Views:
    738
    Walter Roberson
    Jul 5, 2004
  2. Carl Jones
    Replies:
    4
    Views:
    1,106
    News Account
    Jul 5, 2004
  3. Jim Willsher
    Replies:
    5
    Views:
    6,646
    Jim Willsher
    May 12, 2006
  4. [BnH]
    Replies:
    3
    Views:
    659
    Walter Hofmann
    Sep 24, 2005
  5. HangaS
    Replies:
    9
    Views:
    869
    HangaS
    May 12, 2008
Loading...

Share This Page