easy vpn IOS - vpn clients cannot access another network behind nat

Discussion in 'General Computer Support' started by teodor, Aug 20, 2009.

  1. teodor

    First:
    Cisco 3620 series router. IOS version: IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(9), RELEASE SOFTWARE (fc2)


    Network status:
    ethernet 0/0 - WAN interface with crypto map applied on it for vpn clients
    ethernet 0/1 - LAN_1 interface
    ethernet 0/2 - LAN_2 interface (all packets that reach this LAN must be natted behind ip from 0/2 interface)

    So far: VPN clients connect and have access to LAN_1.
    From LAN_1 I have access to LAN_2 with NAT rules.

    Issue: VPN clients do not have access to LAN_2

    Result of sh run with important data:

    aaa new-model
    !
    !
    aaa authentication login vpnclient local
    aaa authorization network localgroups local
    aaa session-id common
    ip subnet-zero
    !
    !
    ip cef
    no ip domain lookup
    !
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 20 3
    !
    crypto isakmp client configuration group <>
    key <>
    dns <> <>
    domain <>
    pool adminpool
    acl 101
    !
    !
    crypto ipsec transform-set clienttransform esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 10
    set transform-set clienttransform
    reverse-route
    !
    interface Ethernet0/0
    ip address <> 255.255.255.224
    ip access-group 155 in
    full-duplex
    crypto map mymap
    !
    interface Ethernet0/1
    ip address 192.168.18.1 255.255.252.0
    full-duplex
    !
    interface Ethernet0/2
    ip address <> 255.255.255.0
    ip nat outside
    full-duplex
    no cdp enable
    !
    ip local pool adminpool 172.16.50.1 172.16.50.254
    ip nat inside source list 110 interface Ethernet0/2 overload
    no ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 <gw for ethernet 0/0>
    !
    !
    access-list 101 permit ip <vpn class> <LAN_1 class>
    access-list 101 permit ip <vpn class> <LAN_2 class>
    !
    !
    !
    access-list 110 permit ip <LAN_1 class> <LAN_2 class>
    access-list 110 permit ip <vpn class> <LAN_2 class>
    !
    end


    Any ideas on how to make VPN clients have access to LAN_2? Their packets need to be natted on interface 0/2.
     
    teodor, Aug 20, 2009