From: stefano.codari on
Hi,
I would like to test a VPN connection with a Cisco 851 and a remote PC
(Win XP and a Cisco VPN client Ver. 4.8.01.0300).
All seems to work fine, but when the remote PC is connected it isn't able
to reach the network that is "behind" the Cisco router.
I read some Cisco documentation but I don't understand what is wrong
in my config.
Thanks for any help.
Stefano


hostname TEST_VPNCLIENTR01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 XXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXX
!
aaa new-model

!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
memory-size iomem 15
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name mend.it
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-214268660
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-214268660
revocation-check none
rsakeypair TP-self-signed-214268660
!
!

username administrator privilege 15 secret 5 XXXXXXXXXXXXXX
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXX
username PAPERINO secret 5 XXXXXXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group GRUPPOVPN
key XXXXXXXXX
dns 172.24.50.20 213.140.2.43
domain pippo.it
pool VPN_POOL
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map VPN_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map VPN_CRYPTO_MAP client authentication list sdm_vpn_xauth_ml_1
crypto map VPN_CRYPTO_MAP isakmp authorization list sdm_vpn_group_ml_1
crypto map VPN_CRYPTO_MAP client configuration address respond
crypto map VPN_CRYPTO_MAP 65535 ipsec-isakmp dynamic VPN_DYNMAP_1
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description OUTSIDE
ip address 172.17.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map VPN_CRYPTO_MAP
!
interface Vlan1
description INSIDE
ip address 172.24.50.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip local pool VPN_POOL 172.24.50.211 172.24.50.221
ip route 0.0.0.0 0.0.0.0 172.17.2.4
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map RMAP_NAVIGAZIONE interface FastEthernet4 overload
ip nat inside source static tcp 172.24.50.20 3389 interface FastEthernet4 3389
!
logging trap debugging

access-list 1 permit 172.24.50.0 0.0.0.255

access-list 100 deny ip any host 172.24.50.211
access-list 100 deny ip any host 172.24.50.212
access-list 100 deny ip any host 172.24.50.213
access-list 100 deny ip any host 172.24.50.214
access-list 100 deny ip any host 172.24.50.215
access-list 100 deny ip any host 172.24.50.216
access-list 100 deny ip any host 172.24.50.217
access-list 100 deny ip any host 172.24.50.218
access-list 100 deny ip any host 172.24.50.219
access-list 100 deny ip any host 172.24.50.220
access-list 100 deny ip any host 172.24.50.221
access-list 100 permit ip 172.24.50.0 0.0.0.255 any
no cdp run

route-map RMAP_NAVIGAZIONE permit 1
match ip address 100

VERSION Cisco 851

ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

TEST_VPNCLIENTR01 uptime is 17 hours, 16 minutes
System returned to ROM by power-on
System image file is "flash:c850-advsecurityk9-mz.124-9.T.bin"
