CISCO 851 -VPN CLIENT

Discussion in 'Cisco' started by stefano.codari@wpsit.net, Sep 6, 2006.

  1. Guest

    Hi,
    I would like to test a VPN connection with a Cisco 851 and a remote PC
    (Win XP and a Cisco VPN client Ver. 4.8.01.0300).
    All seems to work fine, but when the remote PC is connected it isn't able
    to reach the network that is "behind" the Cisco router.
    I read some Cisco documentation but I don't understand what is wrong
    in my config.
    Thanks for any help.
    Stefano


    hostname TEST_VPNCLIENTR01
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 XXXXXXXXXXXXXXXX
    enable password 7 XXXXXXXXXXXXX
    !
    aaa new-model

    !
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authorization exec default local
    aaa authorization network sdm_vpn_group_ml_1 local
    !
    aaa session-id common
    !
    resource policy
    !
    memory-size iomem 15
    clock timezone PCTime 1
    clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
    no ip source-route
    !
    !
    ip cef
    ip tcp synwait-time 10
    no ip bootp server
    no ip domain lookup
    ip domain name mend.it
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    crypto pki trustpoint TP-self-signed-214268660
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-214268660
    revocation-check none
    rsakeypair TP-self-signed-214268660
    !
    !

    username administrator privilege 15 secret 5 XXXXXXXXXXXXXX
    username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXX
    username PAPERINO secret 5 XXXXXXXXXXXXXXXXX
    !
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp client configuration group GRUPPOVPN
    key XXXXXXXXX
    dns 172.24.50.20 213.140.2.43
    domain pippo.it
    pool VPN_POOL
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    crypto dynamic-map VPN_DYNMAP_1 1
    set transform-set ESP-3DES-SHA
    reverse-route
    !
    !
    crypto map VPN_CRYPTO_MAP client authentication list sdm_vpn_xauth_ml_1
    crypto map VPN_CRYPTO_MAP isakmp authorization list sdm_vpn_group_ml_1
    crypto map VPN_CRYPTO_MAP client configuration address respond
    crypto map VPN_CRYPTO_MAP 65535 ipsec-isakmp dynamic VPN_DYNMAP_1
    !
    !
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    description OUTSIDE
    ip address 172.17.2.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    crypto map VPN_CRYPTO_MAP
    !
    interface Vlan1
    description INSIDE
    ip address 172.24.50.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    ip local pool VPN_POOL 172.24.50.211 172.24.50.221
    ip route 0.0.0.0 0.0.0.0 172.17.2.4
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source route-map RMAP_NAVIGAZIONE interface FastEthernet4 overload
    ip nat inside source static tcp 172.24.50.20 3389 interface FastEthernet4 3389
    !
    logging trap debugging

    access-list 1 permit 172.24.50.0 0.0.0.255

    access-list 100 deny ip any host 172.24.50.211
    access-list 100 deny ip any host 172.24.50.212
    access-list 100 deny ip any host 172.24.50.213
    access-list 100 deny ip any host 172.24.50.214
    access-list 100 deny ip any host 172.24.50.215
    access-list 100 deny ip any host 172.24.50.216
    access-list 100 deny ip any host 172.24.50.217
    access-list 100 deny ip any host 172.24.50.218
    access-list 100 deny ip any host 172.24.50.219
    access-list 100 deny ip any host 172.24.50.220
    access-list 100 deny ip any host 172.24.50.221
    access-list 100 permit ip 172.24.50.0 0.0.0.255 any
    no cdp run

    route-map RMAP_NAVIGAZIONE permit 1
    match ip address 100

    VERSION Cisco 851

    ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

    TEST_VPNCLIENTR01 uptime is 17 hours, 16 minutes
    System returned to ROM by power-on
    System image file is "flash:c850-advsecurityk9-mz.124-9.T.bin"
     
    , Sep 6, 2006
    #1
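
A check a reader could run against the posted configuration, as an added example that is not part of the original post: it reports any `ip local pool` range that falls inside a directly connected interface subnet, together with the proxy-ARP state of that interface. Hosts on such a subnet treat the VPN client addresses as on-link and ARP for them rather than sending replies to their gateway. The sample is a constructed excerpt of the posted config, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: only the lines of the posted config that this check reads.
SAMPLE = """\
interface FastEthernet4
ip address 172.17.2.1 255.255.255.0
no ip proxy-arp
interface Vlan1
ip address 172.24.50.1 255.255.255.0
no ip proxy-arp
ip local pool VPN_POOL 172.24.50.211 172.24.50.221
"""

def parse(config):
    """Collect interface subnets, their proxy-ARP state, and local pools."""
    interfaces, pools, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            # IOS enables proxy ARP on an interface unless told otherwise.
            current = interfaces.setdefault(m.group(1), {"net": None, "proxy_arp": True})
        elif m := re.match(r"ip local pool (\S+) (\S+) (\S+)", line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
        elif current is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            current["net"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif current is not None and line == "no ip proxy-arp":
            current["proxy_arp"] = False
    return interfaces, pools

def pool_overlaps(config):
    """Return (pool, interface, proxy_arp_enabled) for pools inside an interface subnet."""
    interfaces, pools = parse(config)
    hits = []
    for pool, (first, last) in pools.items():
        for name, info in interfaces.items():
            net = info["net"]
            if net is not None and (first in net or last in net):
                hits.append((pool, name, info["proxy_arp"]))
    return hits

if __name__ == "__main__":
    for pool, name, proxy_arp in pool_overlaps(SAMPLE):
        state = "enabled" if proxy_arp else "disabled"
        print(f"pool {pool} lies inside the subnet of {name}; proxy ARP there is {state}")
```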