
Can't Access Win2k3 ser from the Internet.


spikless

Technical User
Aug 15, 2009
3
GH
Hi Everyone,
I have a little problem and was wondering if anyone could help me out.

I configured IPsec VPN for two (2) Cisco 870 routers, one for my cousin in a different city and one for me.
Everything is working fine. But my problem now is, I want to be able to access my home router from another city using the internet.
When I try to ping my server's WAN IP from a different computer, it times out.
Would I be able to access my server without installing the Cisco VPN client?

I will post the running-config on request.

Thanks very much. :)
 
Access it how, RDP?

20 yrs old, working towards my CCNP. Looking for a new job :)
02472
 
So your server is in a dirty DMZ?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
@ Mahlad29:
I want to access my Win2k3 Server from another location without using a router. Just connect to the internet and dial-in to the Server. Either using Microsoft VPN or Cisco's VPN.

@Bustbees:
I think so, it is in a dirty DMZ.
I'm running IPsec VPN with access-list filter.
I can ping other machines on the internet through my router but can't ping my router from other machines on the internet.
 
Post a topology and a config of the vpn server router.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Here is the config:


Current configuration : 5495 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HOME_SERVER
!
boot-start-marker
boot-end-marker
!
no logging buffered
no logging console
enable secret 5 $1$TpRX$5RLIQNAU4XMhRkPdk82jXG.
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 0
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.49
!
ip dhcp pool sdm-pool1
 import all
 network 192.168.0.0 255.255.255.0
 dns-server 192.168.0.5 80.87.78.3
 default-router 192.168.0.1
!
!
ip cef
no ip bootp server
ip domain name harrison.com
ip name-server 80.87.78.3
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
[Output Cut]
!
username admin privilege 15 secret 5 $1$D7Am$wKqSakJt.fQ9DzQwKu762d
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key aserver address 90.90.90.90
!
!
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac

!
crypto map SDM_CMAP_1 3 ipsec-isakmp
 description Tunnel to Site2
 set peer 90.90.90.90
 set transform-set ESP-3DES-SHA3
 match address 104

!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description WAN
 ip address 80.80.80.80 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 500
 shutdown
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 500
!
ip classless
ip route 0.0.0.0 0.0.0.0 80.87.64.3
ip route 192.168.1.0 255.255.255.0 FastEthernet4 90.90.90.90

!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
end
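
An added example, not part of the thread: a small Python check over an excerpt of the configuration posted above that reports the settings bearing on reachability from the Internet and on management-plane exposure. The function names `parse` and `audit` and the finding codes are invented for this illustration, and anything hidden behind [Output Cut] is not covered.

```python
# Excerpt of the config posted above (indentation restored, secrets omitted).
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 group 2
interface FastEthernet4
 ip address 80.80.80.80 255.255.255.0
 ip nat outside
 shutdown
ip http server
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
line vty 0 4
 transport input telnet ssh
"""

def parse(text):
    """Group indented sub-commands under the top-level command above them."""
    blocks = []
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(text):
    """Return sorted finding codes (names invented for this example)."""
    blocks, found = parse(text), set()
    tops = [head for head, _ in blocks]
    for head, body in blocks:
        if head.startswith("interface") and {"ip nat outside", "shutdown"} <= set(body):
            found.add("WAN_SHUTDOWN")      # Internet-facing interface is admin-down
        if head.startswith("crypto isakmp policy"):
            weak = {"encr 3des": "IKE_3DES", "group 2": "IKE_DH_GROUP2"}
            found.update(code for cmd, code in weak.items() if cmd in body)
        telnet = any(c.startswith("transport input") and "telnet" in c.split() for c in body)
        if head.startswith("line vty") and telnet:
            found.add("VTY_TELNET")        # cleartext remote management
    if "ip http server" in tops:
        found.add("HTTP_MGMT")             # cleartext web management
    if not any(t.startswith("ip nat inside source static") for t in tops):
        found.add("NO_STATIC_NAT")         # PAT only: no inbound mapping to a LAN host
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

`NO_STATIC_NAT` is informational rather than a weakness: with only the overload rule, a connection started from the Internet has no translation to a host on 192.168.0.0/24.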

 