Cannot VPN to 1721 through Easy VPN Client

Discussion in 'Cisco' started by mack, Oct 13, 2004.

  1. mack

    mack Guest

    I'm having trouble establishing a VPN connection to our 1721 router
    with the Cisco Easy VPN Client software. I've posted the router's
    current config below.

    The VPN client says "Peer no longer responding". Any suggestions on
    what may be causing this?

    --------------------------------------------------------------------
    Current configuration : 5309 bytes
    !
    ! Last configuration change at 02:30:44 UTC Fri Oct 15 2004
    ! NVRAM config last updated at 01:29:16 UTC Fri Oct 15 2004 by setup
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname RTR_PB
    !
    logging queue-limit 100
    enable secret *****
    enable password *****
    !
    username setup privilege 15 password *****
    aaa new-model
    !
    !
    aaa authentication banner ^This is a restricted site.^C
    aaa authentication login default local
    aaa authentication login network group radius local
    aaa authentication ppp network group radius
    aaa authorization exec default local
    aaa authorization network default group radius local
    aaa session-id common
    ip subnet-zero
    !
    !
    ip name-server 192.168.3.10
    !
    ip audit notify log
    ip audit po max-events 100
    vpdn enable
    !
    vpdn-group pppoe
    request-dialin
    protocol pppoe
    !
    !
    !
    !
    !
    crypto isakmp policy 1
    hash md5
    authentication pre-share
    group 2
    !
    crypto isakmp policy 3
    hash md5
    authentication pre-share
    group 2
    !
    crypto isakmp client configuration group clients
    key *****
    dns 192.168.3.10
    domain *****
    pool vpnpool
    !
    !
    crypto ipsec transform-set 3dessha esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 10
    set transform-set 3dessha
    reverse-route
    !
    !
    crypto map clientmap client authentication list network
    crypto map clientmap isakmp authorization list default
    crypto map clientmap client configuration address respond
    crypto map clientmap 100 ipsec-isakmp dynamic dynmap
    !
    !
    bridge irb
    !
    !
    interface ATM0
    no ip address
    ip broadcast-address 0.0.0.0
    no atm ilmi-keepalive
    dsl operating-mode itu-dmt
    !
    interface ATM0.1 point-to-point
    ip broadcast-address 0.0.0.0
    pvc 8/35
    pppoe-client dial-pool-number 1
    !
    !
    interface FastEthernet0
    ip address 192.168.3.1 255.255.255.0
    ip broadcast-address 192.168.3.0
    ip access-group NETWORK_IN in
    ip nat inside
    speed auto
    half-duplex
    !
    interface Dialer1
    ip address negotiated
    ip access-group DIALER_IN in
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    encapsulation ppp
    dialer pool 1
    ntp disable
    no cdp enable
    ppp chap hostname *****
    ppp chap password *****
    crypto map clientmap
    !
    ip local pool vpnpool 192.168.5.1 192.168.5.254
    ip nat pool ovrld ***** ***** prefix-length 24
    ip nat inside source route-map nonat pool ovrld overload
    ip nat inside source static tcp 192.168.3.20 80 ***** 80 extendable
    ip nat inside source static tcp 192.168.3.20 25 ***** 25 extendable
    ip nat inside source static tcp 192.168.3.20 110 ***** 110 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    !
    ip access-list extended DIALER_IN
    permit tcp any host 192.168.3.20 eq smtp
    permit tcp any host 192.168.3.20 eq pop3
    permit ip any host *****
    permit udp any any eq isakmp
    permit udp any any eq non500-isakmp
    permit esp any any
    permit ahp any any
    permit ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
    permit icmp 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
    permit tcp any any eq www
    permit tcp any any eq smtp
    permit tcp any any eq pop3
    permit tcp any any eq 22
    permit tcp any any eq ident
    permit tcp any any eq 3389
    deny ip host 0.0.0.0 any
    deny ip host 255.255.255.255 any
    deny ip 10.0.0.0 0.255.255.255 any
    deny ip 127.0.0.0 0.255.255.255 any
    deny ip 172.16.0.0 0.15.255.255 any
    deny ip 192.168.0.0 0.0.255.255 any
    deny ip 224.0.0.0 15.255.255.255 any
    permit icmp any any echo-reply
    permit icmp any any time-exceeded
    permit icmp any any packet-too-big
    permit icmp any any traceroute
    permit icmp any any unreachable
    deny icmp any any
    deny tcp any range 0 65535 any range 0 65535
    deny udp any range 0 65535 any range 0 65535
    deny ip any any
    ip access-list extended NETWORK_IN
    permit tcp host 192.168.3.20 eq smtp any
    permit tcp host 192.168.3.20 eq pop3 any
    permit tcp host 192.168.3.20 eq www any
    permit udp any any eq isakmp
    permit udp any any eq non500-isakmp
    permit esp any any
    permit ahp any any
    permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
    permit ip any host 255.255.255.255
    permit icmp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
    permit tcp any any eq www
    permit udp any any eq domain
    permit tcp any any eq smtp
    permit tcp any any eq 443
    permit tcp any any eq ftp
    permit tcp any any eq ftp-data
    permit tcp any any eq pop3
    permit tcp any any eq nntp
    permit tcp any any eq 22
    permit tcp any any eq telnet
    permit tcp any any eq 1863
    permit tcp any any eq 1755
    permit tcp any any eq 3389
    permit tcp any any eq 5631
    permit tcp any any eq 5632
    permit icmp any any
    deny tcp any range 0 65535 any range 0 65535
    deny udp any range 0 65535 any range 0 65535
    deny ip any any
    !
    access-list 10 permit 192.168.3.0 0.0.0.255
    access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
    access-list 111 permit ip 192.168.3.0 0.0.0.255 any
    !
    route-map nonat permit 10
    match ip address 111
    !
    radius-server host 192.168.3.10 auth-port 1645 acct-port 1646 key *****
    radius-server authorization permit missing Service-Type
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    line con 0
    line aux 0
    line vty 0 4
    password cisco
    transport input telnet ssh
    !
    end
     
    mack, Oct 13, 2004
    #1