can't access LAN using easyvpn from remote pc using cisco vpn client

mknew

IS-IT--Management
Sep 9, 2013
9

Here is the config; router: 1841


Building configuration...

Current configuration : 3054 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname X_R_Z
!
boot-start-marker
boot system flash:c1841-advipservicesk9-mz.124-12.bin
boot-end-marker
!
no logging buffered
enable secret 5 $1$MNXK$lahi6sf17juTZIYm877hT.
enable password cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.87
ip dhcp excluded-address 192.168.1.1 192.168.1.66
ip dhcp excluded-address 192.168.1.106
!
ip dhcp pool Xyz
network 192.168.1.0 255.255.255.0
default-router 192.168.1.77
dns-server 196.29.180.39 196.29.164.49 192.168.1.82
domain-name wr
!
!
no ip domain lookup
!
!
!
username w1 privilege 15 password 0 ww2
username firm privilege 15 secret 5 $1$oIDZ$JHpf0Hft0qMAi4oabOfM..
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group testvpn
key 111111
pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA1
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
description WAN_INTERFACE
no ip address
no ip proxy-arp
ip mtu 1400
speed 100
full-duplex
!
interface FastEthernet0/0.71
encapsulation dot1Q 71
ip dhcp relay information trusted
ip address 192.168.1.77 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.75
encapsulation dot1Q 75
ip address 197.251.229.147 255.255.255.252
no ip proxy-arp
ip nat outside
ip virtual-reassembly
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
ip address 10.8.0.1 255.255.255.0
duplex auto
speed auto
!
ip local pool SDM_POOL_1 192.168.50.1 192.168.50.5
ip route 0.0.0.0 0.0.0.0 197.251.229.146
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0.75 overload
!
ip access-list extended X-Yh
remark SDM_ACL Category=16
deny ip any host 192.168.50.1
deny ip any host 192.168.50.2
deny ip any host 192.168.50.3
deny ip any host 192.168.50.4
deny ip any host 192.168.50.5
permit ip 192.168.1.0 0.0.0.255 any
!
!
route-map SDM_RMAP_1 permit 1
match ip address X-Yh
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password SR
!
scheduler allocate 20000 1000
end


Appreciate your help
 
And by LAN do you mean the 10. network or your 192. network?

route print on the client side.
What are you accessing, and what is the behavior?

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
The LAN network is 192.168.1

I want to access anything on the internal LAN but with no success, not even the router itself, which has 192.168.1.77, although I can connect using the Cisco VPN client. The router has 2 interfaces: outside, interface FastEthernet0/0.75, which has the public IP; inside, interface FastEthernet0/0.71, which has the internal IP (192.168.1.77).
I made the VPN config on interface FastEthernet0/0.75. I can't ping anything internally?!!
 
What is your client's gateway?
Can they ping their gateway (the router?) I am assuming (192.168.1.77). If yes then follow along, if NO then jump to **
Can they ping the external interface? If yes then follow along, if NO then jump to ***
Can the router ping something inside the network? If yes then idkwmi.. if no then troubleshoot the router's connectivity.

** What is their gateway? Does the gateway know that there is a bunch of addresses in this subnet sitting behind this router? If not, why not?
*** What is the routing table on the VPN clients?

idkwmi: I don't know without more info.

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
[images: 5gp7134ov, image.jpg]
 
As in the images above, I don't know how VPN clients take their gateway. The VPN clients can connect to the public IP (outside interface), but they can't ping anything with 192.168.1.

Appreciate your help
 
If they can't even ping 192.168.1.77 then there is something wrong..

Can you please do: Start menu -> Run -> cmd -> route print
Also, can you confirm if they can't / can ping 192.168.1.77?

Thanks,


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Hi,

I got the image above when trying to test a vpn client

 
Hi,

I tried to connect from a different PC using the Cisco VPN client and it succeeded [2thumbsup]; the PC uses another ISP,
but I can't from my laptop.
I noticed that when I connected from the PC, the IP in the local LAN route tab in the Cisco VPN client was 192.1.0.0, and there were sent and received packets,
but from my laptop the local LAN route tab showed a strange IP (public) and there are sent packets but none received [sad]
Something is wrong, no firewall on the laptop :(
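
A check on the NAT exemption in the router configuration posted at the top of this thread, added here as an example and not part of any post: it evaluates the X-Yh access list the way IOS does (first match, wildcard masks, implicit deny) and lists any SDM_POOL_1 address toward which traffic from a LAN host would still match the NAT overload rule. The function names and the sample LAN source address are assumptions for illustration.

```python
import ipaddress
import re

# Pool and NAT ACL lines copied from the router configuration posted in this thread.
CONFIG = """\
ip local pool SDM_POOL_1 192.168.50.1 192.168.50.5
ip access-list extended X-Yh
deny ip any host 192.168.50.1
deny ip any host 192.168.50.2
deny ip any host 192.168.50.3
deny ip any host 192.168.50.4
deny ip any host 192.168.50.5
permit ip 192.168.1.0 0.0.0.255 any
"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tok):
    # Pop one IOS address spec (any | host A | A WILDCARD) as (base, wildcard) ints.
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (ip(tok.pop(0)), 0) if t == "host" else (ip(t), ip(tok.pop(0)))

def parse_acl(config, name):
    # Collect (action, src, dst) from the "permit|deny ip" lines of one extended ACL.
    entries, inside = [], False
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["ip", "access-list"]:
            inside = words[2:] == ["extended", name]
        elif inside and words[:2] in (["permit", "ip"], ["deny", "ip"]):
            tok = words[2:]
            entries.append((words[0], _spec(tok), _spec(tok)))
    return entries

def acl_action(entries, src, dst):
    # First match wins; wildcard bits are "don't care"; every IOS ACL ends in deny.
    for action, (sb, sw), (db, dw) in entries:
        if not ((src ^ sb) & ~sw | (dst ^ db) & ~dw):
            return action
    return "deny"

def natted_pool_addresses(config, pool, acl, lan_src):
    # Pool addresses that LAN replies would still be translated toward (should be none).
    m = re.search(rf"^ip local pool {re.escape(pool)} (\S+) (\S+)", config, re.M)
    entries = parse_acl(config, acl)
    return [str(ipaddress.IPv4Address(a)) for a in range(ip(m[1]), ip(m[2]) + 1)
            if acl_action(entries, ip(lan_src), a) == "permit"]
```

For the posted configuration the list is empty, so the per-host deny entries cover the whole pool; if the pool range is widened without adding matching deny lines, the new addresses appear in the list.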
 