Configuring Easy VPN and standard VPN

Discussion in 'Cisco' started by Infocde, Mar 4, 2004.

  1. Infocde

    Infocde Guest

    Hi,

    Some time ago I made a small configuration on an 827 that permits it to
    connect to a VPN on another router and to accept Easy VPN clients.
    I don't know how, but I made some modifications to my config and now it
    doesn't work anymore.

    I can establish the Easy VPN connection, but on the connected device I
    can't ping internal addresses.
    I remember there was an access-list to modify, but I can't find where.
    Here is my configuration, so if someone can help me, it would be great.
    Thx
    Bob

    ==============================================================0
    Current configuration : 3836 bytes
    !
    version 12.3
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname gw
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    no logging console
    !
    username abc password xxxxxxxxxxxxx
    aaa new-model
    !
    !
    aaa authentication login gtr line
    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    aaa session-id common
    ip subnet-zero
    ip name-server externalDNS
    ip dhcp excluded-address x.y.z.w x.y.z.w
    !
    ip dhcp pool tre
    import all
    network internalIP 255.255.255.0
    default-router internalGW
    dns-server internalDNS
    domain-name bob.com
    netbios-node-type h-node
    lease infinite
    !
    vpdn enable
    !
    vpdn-group pppoe
    request-dialin
    protocol pppoe
    !
    !
    !
    !
    crypto isakmp policy 3
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp policy 20
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key sharedkey address VPN1_IP no-xauth
    crypto isakmp key sharedkey address VPN2_IP no-xauth
    !
    crypto isakmp client configuration group bob
    key bob
    dns InternalDNS
    domain bob.com
    pool ippool
    !
    !
    crypto ipsec transform-set dsltest esp-3des esp-md5-hmac
    !
    crypto dynamic-map dynmap 10
    set transform-set dsltest
    !
    !
    crypto map test client authentication list userauthen
    crypto map test isakmp authorization list groupauthor
    crypto map test client configuration address respond
    crypto map test 10 ipsec-isakmp
    set peer VPN1_IP
    set transform-set dsltest
    match address 101
    crypto map test 11 ipsec-isakmp
    set peer VPN2_IP
    set transform-set dsltest
    match address 102
    crypto map test 20 ipsec-isakmp dynamic dynmap
    !
    !
    !
    !
    interface Ethernet0
    ip address InternalIP 255.255.255.0
    ip nat inside
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 8/35
    pppoe-client dial-pool-number 1
    !
    dsl operating-mode auto
    !
    interface Dialer1
    ip address ExternalIP 255.255.255.0
    ip mtu 1492
    ip nat outside
    encapsulation ppp
    no ip route-cache
    no ip mroute-cache
    dialer pool 1
    ppp authentication chap pap callin
    crypto map test
    !
    ip local pool ippool InternalIP.200 InternalIP.250
    ip nat inside source route-map nonat interface Dialer1 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    no ip http server
    no ip http secure-server
    !
    access-list 1 permit InternalNetwork 0.0.0.255
    access-list 23 permit InternalNetwork 0.0.0.255
    access-list 101 permit ip InternalNetwork 0.0.0.255 VPN1_Network 0.0.0.255
    access-list 102 permit ip InternalNetwork 0.0.0.255 VPN2_Network 0.0.0.255
    access-list 105 deny ip InternalNetwork 0.0.0.255 VPN1_Network 0.0.0.255
    access-list 105 permit ip InternalNetwork 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    route-map nonat permit 10
    match ip address 105
    !
    !
    line con 0
    exec-timeout 120 0
    transport preferred all
    transport output all
    stopbits 1
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    length 0
    transport preferred all
    transport input all
    transport output all
    !
    scheduler max-task-time 5000
    !
    end
     
    Infocde, Mar 4, 2004
    #1

  2. Infocde

    John Rennie Guest

    I would turn on logging (use "logging buffered"). Then "sh log" should show
    you what is being blocked.

    JR

    On Thu, 4 Mar 2004 22:20:23 +0100, "Infocde" <> wrote:

    >Hi,
    >
    >Some time ago I made a small configuration on an 827 that permits it to
    >connect to a VPN on another router and to accept Easy VPN clients.
    >I don't know how, but I made some modifications to my config and now it
    >doesn't work anymore.
    >
    >I can establish the Easy VPN connection, but on the connected device I
    >can't ping internal addresses.

    <snip>
     
    John Rennie, Mar 7, 2004
    #2
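
Added example, not part of either post: on IOS, inside-to-outside traffic is translated by NAT before the crypto map ACL is evaluated, so every flow a crypto ACL permits needs an earlier deny in the ACL behind the NAT route-map. This Python sketch runs that check over the relevant lines of the configuration in the first post; the function names `parse_acls`, `matches_under` and `unexempted_tunnels` are hypothetical, and the poster's placeholder addresses are treated as plain tokens.

```python
import re

# Constructed sample: NAT, crypto map and ACL lines of the posted config (placeholders kept).
CONFIG = """\
crypto map test 10 ipsec-isakmp
match address 101
crypto map test 11 ipsec-isakmp
match address 102
!
ip nat inside source route-map nonat interface Dialer1 overload
access-list 101 permit ip InternalNetwork 0.0.0.255 VPN1_Network 0.0.0.255
access-list 102 permit ip InternalNetwork 0.0.0.255 VPN2_Network 0.0.0.255
access-list 105 deny ip InternalNetwork 0.0.0.255 VPN1_Network 0.0.0.255
access-list 105 permit ip InternalNetwork 0.0.0.255 any
route-map nonat permit 10
match ip address 105
"""
ACE = re.compile(r"^[ \t]*access-list (\d+) (permit|deny) ip (\S+ \S+) (any|\S+ \S+)[ \t]*$", re.M)

def parse_acls(text):
    """Map ACL number -> ordered list of (action, source, destination)."""
    acls = {}
    for m in ACE.finditer(text):
        acls.setdefault(m.group(1), []).append(m.groups()[1:])
    return acls

def matches_under(text, header, keyword):
    """ACL numbers from '<keyword> N' lines in sections opened by <header>."""
    found, inside = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith(header) or line == "!":
            inside = line != "!"
        elif inside and line.startswith(keyword + " "):
            found.append(line.split()[-1])
    return found

def unexempted_tunnels(text):
    """Crypto flows whose first matching NAT-ACL entry is 'permit' (no match = deny)."""
    acls = parse_acls(text)
    rmap = re.search(r"^ip nat inside source route-map (\S+)", text, re.M).group(1)
    nat = [ace for n in matches_under(text, f"route-map {rmap} ", "match ip address")
           for ace in acls.get(n, [])]
    gaps = []
    for n in matches_under(text, "crypto map ", "match address"):
        for action, src, dst in acls.get(n, []):
            hit = next((a for a, s, d in nat if s == src and d in (dst, "any")), "deny")
            if action == "permit" and hit == "permit":
                gaps.append((n, src.split()[0], dst.split()[0]))
    return gaps
```

The check compares address tokens textually rather than doing subnet arithmetic, so the `ippool` range handed to Easy VPN clients has to be compared against access-list 105 by hand.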