Cisco VPN with Site to Site and Remote Access

Discussion in 'Cisco' started by rustysyate, May 3, 2012.

  1. rustysyate


    May 3, 2012
    This is my first time working with a Cisco router.
    Below is my configuration, where:
    Cisco Srv is a Cisco 7200 Series Router. XYZ is a VPN server running on Linux. RAC is the Remote Access VPN client.
    | RAC |-----> | XYZ | ===== | Cisco Srv |

    The configuration for the Cisco Srv:

    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service internal
    hostname Cisco7200
    aaa new-model
    aaa authorization network hw-client-groupname local
    aaa session-id common
    enable password cisco
    memory-size iomem 16
    clock timezone - 0 6
    ip subnet-zero
    no ip source-route
    ip domain-name
    ip audit notify log
    ip audit po max-events 100
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration address-pool local dynpool
    crypto isakmp client configuration group hw-client-groupname
     key hw-client-password
     pool dynpool
    crypto isakmp profile VPNclient
     description VPN clients profile
     match identity group hw-client-groupname
     isakmp authorization list hw-client-groupname
     client configuration address respond
    crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
    crypto dynamic-map vpnclient 1
     set transform-set transform-1
     set isakmp-profile VPNclient
    crypto isakmp policy 10
     encr aes 256
     hash sha
     authentication pre-share
     group 2
    crypto isakmp key somestrongkey address
    crypto ipsec transform-set ts esp-aes 256 esp-sha-hmac
    ip access-list extended vpn
     deny ip
     permit ip any
    crypto dynamic-map vpndynamic 10
     set transform-set ts
     match address vpn
    crypto map dynmap 1 ipsec-isakmp dynamic vpnclient
    crypto map dynmap 10 ipsec-isakmp dynamic vpndynamic
    interface FastEthernet1/0
     ip addr
     no shutdown
     crypto map dynmap
     no cdp enable
    interface f1/1
     description connected to HQ LAN
     ip address
     no shutdown
     speed auto
     no cdp enable
    ip local pool dynpool
    ip classless
    ip route
    no ip http server
    ip pim bidir-enable
    no cdp run
    line con 0
    line aux 0
    line vty 0 4
     password cisco

    I can individually create a tunnel between Cisco Srv and RAC, and also between Cisco Srv and XYZ. But when the tunnel between Cisco Srv and XYZ is established, I can't create a tunnel with RAC from Cisco Srv. If anyone can shed some light, it would be a great help for me.
    rustysyate, May 3, 2012