File Shares & Site to Site VPN

Discussion in 'Cisco' started by robertm@performancematerials.com, Aug 31, 2006.

  1. Guest

    Hello,

    I have a site to site vpn. Here is the layout:

    Internal
    |
    Cisco 1841
    |
    T1
    |
    Symantec Router
    |
    Branch Office

    The VPN link establishes very well and I can ping the server in the
    branch office; however, I can't access the file shares on the branch
    server. I know I have access, so I am wondering if there is something
    I am missing?

    Posted below is my configuration:

    Using 6453 out of 196600 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname PMCGateway
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 10 log
    security passwords min-length 6
    logging buffered 51200 errors
    logging console critical
    enable secret 5 ...
    enable password 7 ...
    !
    aaa new-model
    !
    !
    aaa authentication login local_auth local
    aaa authentication login china local
    aaa authorization network china local
    !
    aaa session-id common
    no ip source-route
    no ip gratuitous-arps
    ip cef
    !
    !
    ip tcp synwait-time 10
    ip tcp intercept connection-timeout 3600
    ip tcp intercept watch-timeout 15
    ip tcp intercept max-incomplete low 450
    ip tcp intercept max-incomplete high 550
    ip tcp intercept drop-mode random
    !
    !
    no ip bootp server
    no ip domain lookup
    ip domain name sbspmc.local
    ip name-server x.x.x.5
    ip name-server x.x.x.2
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip inspect name firewall tcp
    ip inspect name firewall udp
    ip inspect name firewall ftp
    ip inspect name firewall pptp
    ip inspect name firewall smtp
    ip inspect name firewall http
    ip inspect name firewall isakmp
    ip inspect name firewall dns
    ip inspect name firewall icmp
    ip ips sdf location flash://128MB.sdf
    ip ips notify SDEE
    ip ips name sdm_ips_rule
    login block-for 10 attempts 10 within 10
    !
    !
    !
    username ...
    !
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    lifetime 500
    crypto isakmp key ************** address 207.x.x.3
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    !
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to202.x.x.3
    set peer 202.x.x.3
    set transform-set ESP-3DES-SHA
    match address 102
    !
    !
    !
    !
    interface Null0
    no ip unreachables
    !
    interface FastEthernet0/0
    description $FW_INSIDE$$ETH-LAN$
    ip address x.x.x.1 255.255.224.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    speed auto
    half-duplex
    no mop enabled
    !
    interface FastEthernet0/1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip route-cache flow
    shutdown
    duplex auto
    speed auto
    no mop enabled
    !
    interface Serial0/0/0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation frame-relay IETF
    ip route-cache flow
    no ip mroute-cache
    service-module t1 timeslots 1-24
    frame-relay lmi-type ansi
    !
    interface Serial0/0/0.1 point-to-point
    description $FW_OUTSIDE$
    bandwidth 1536
    ip address 207.x.x.89 255.255.248.0
    ip access-group 101 in
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect firewall in
    ip inspect firewall out
    ip ips sdm_ips_rule in
    ip ips sdm_ips_rule out
    ip virtual-reassembly
    no cdp enable
    frame-relay interface-dlci 16
    crypto map SDM_CMAP_1
    !
    ip route 0.0.0.0 0.0.0.0 207.x.x.1
    !
    !
    ip http server
    ip http access-class 2
    no ip http secure-server
    ip nat inside source route-map SDM_RMAP_1 interface Serial0/0/0.1 overload
    ip nat inside source static tcp x.x.x.3 80 interface Serial0/0/0.1 80
    ip nat inside source static tcp x.x.x.3 20 interface Serial0/0/0.1 20
    ip nat inside source static tcp x.x.x.3 21 interface Serial0/0/0.1 21
    ip nat inside source static tcp x.x.x.9 1723 interface Serial0/0/0.1 1723
    ip nat inside source static tcp x.x.x.4 3389 interface Serial0/0/0.1 3389
    ip nat inside source static tcp x.x.x.13 25 interface Serial0/0/0.1 25
    ip nat inside source static tcp x.x.x.3 110 interface Serial0/0/0.1 110
    !
    !
    logging trap debugging
    logging facility local2
    logging 172.16.32.5
    access-list 1 remark SDM_ACL Category=16
    access-list 1 permit x.x.x.0 0.0.31.255
    access-list 2 remark HTTP Access-class list
    access-list 2 remark SDM_ACL Category=1
    access-list 2 permit x.x.x.0 0.0.31.255
    access-list 2 deny any
    access-list 100 permit udp any any eq bootpc
    access-list 101 permit tcp any host x.x.x.89 eq www
    access-list 101 permit tcp any host x.x.x.89 eq ftp
    access-list 101 permit tcp any host x.x.x.89 eq ftp-data
    access-list 101 permit tcp any host x.x.x.89 eq pop3
    access-list 101 permit tcp any host x.x.x.89 eq smtp
    access-list 101 permit tcp any host x.x.x.89 eq 3389
    access-list 101 permit tcp any host x.x.x.89 eq domain
    access-list 101 permit tcp any host x.x.x.89 eq echo
    access-list 101 permit udp any host x.x.x.89 eq domain
    access-list 101 permit udp any host x.x.x.89 eq isakmp
    access-list 101 permit icmp any host x.x.x.89 echo
    access-list 101 permit icmp any host x.x.x.89 echo-reply
    access-list 101 permit tcp any host x.x.x.89 eq 1723
    access-list 101 permit gre any host x.x.x.89
    access-list 101 permit udp any host x.x.x.89 eq non500-isakmp
    access-list 101 permit ahp any host x.x.x.89
    access-list 101 permit esp any host x.x.x.89
    access-list 101 permit tcp any host x.x.x.89 range 20481 20485
    access-list 101 permit udp any host x.x.x.89 eq 1804
    access-list 102 remark SDM_ACL Category=4
    access-list 102 remark IPSec Rule
    access-list 102 permit ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
    access-list 103 remark SDM_ACL Category=2
    access-list 103 remark IPSec Rule
    access-list 103 deny ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
    access-list 103 permit ip x.x.x.0 0.0.31.255 any
    access-list 105 remark VTY Access-class list
    access-list 105 remark SDM_ACL Category=1
    access-list 105 permit ip x.x.x.0 0.0.31.255 any
    access-list 105 deny ip any any
    dialer-list 1 protocol ip permit
    dialer-list 1 protocol ipx permit
    no cdp run
    !
    route-map SDM_RMAP_1 permit 1
    match ip address 103
    !
    !
    !
    !
    control-plane
    !
    !
    banner login ^C Welcome^C
    banner motd ^CWelcome^C
    !
    line con 0
    exec-timeout 15 0
    login authentication local_auth
    transport output telnet
    line aux 0
    exec-timeout 15 0
    login authentication local_auth
    transport output none
    line vty 0 4
    access-class 105 in
    privilege level 15
    password 7 ...
    login authentication local_auth
    transport input telnet
    !
    scheduler allocate 20000 1000
    end
     