aguilozano
Technical User
I am configuring a Cisco 1721 VPN router with NAT and CBAC. So far I seem to have everything configured somewhat correctly. I am able to terminate the IPsec connection to my router. After successful authentication I get a valid IP address from my address pool (verified by Cisco VPN Client 3.5.4), and I am able to ping devices on the local network behind the router (example: ping 192.168.254.1). But when I try to connect to, say, a PC or a server, I am unable to. I am connecting to the device simply by doing a run... \\192.168.254.1 and I get the error message "Unable to connect to device." Can someone help me out, please? I am so close, yet so far away. Here is the config I am working on.
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
!
username user password 0 password
ip subnet-zero
!
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw ftp
ip inspect name myfw realaudio
ip inspect name myfw smtp
ip inspect name myfw streamworks
ip inspect name myfw vdolive
ip inspect name myfw tftp
ip inspect name myfw rcmd
ip inspect name myfw http
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group ihcclient
key ihc796
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set test esp-des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set test
crypto dynamic-map dynmap 20
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
!
dsl operating-mode auto
no fair-queue
bridge-group 1
!
interface FastEthernet0
description local lan
ip address 192.168.254.254 255.255.255.0
ip nat inside
speed auto
!
interface BVI1
ip address 99.99.99.193 255.255.255.248
ip nat outside
crypto map clientmap
!
ip local pool ippool 172.16.1.1 172.16.1.20
ip nat inside source list 110 interface BVI1 overload
ip nat inside source static 192.168.254.1 99.99.99.196
ip classless
ip route 0.0.0.0 0.0.0.0 99.99.99.198
ip route 172.16.0.0 255.255.0.0 99.99.99.198
no ip http server
ip pim bidir-enable
!
!
access-list 110 deny ip host 192.168.254.0 172.16.0.0 0.0.255.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
!
bridge 1 protocol ieee
bridge 1 route ip
alias exec c config t
!
end
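Added example, not part of the original post: a small Python evaluator showing how IOS matches the two access-list 110 entries above, which `ip nat inside source list 110` consults to decide what gets translated. The sample flows and the subnet-wildcard variant `ACL_SUBNET` are constructed for comparison and do not come from the post.

```python
import ipaddress

# access-list 110 exactly as posted above.
ACL_110 = """\
access-list 110 deny ip host 192.168.254.0 172.16.0.0 0.0.255.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
"""
# Constructed for comparison (not from the post): source as subnet + wildcard.
ACL_SUBNET = ACL_110.replace("host 192.168.254.0", "192.168.254.0 0.0.0.255")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    """Consume one IOS address spec and return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":                      # 'host X' is X with wildcard 0.0.0.0
        return _ip(tokens.pop(0)), 0
    return _ip(word), _ip(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        rest = tokens[4:]
        rules.append((tokens[2], _take_addr(rest), _take_addr(rest)))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF           # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First match wins, implicit deny at the end. For a NAT list, 'permit'
    means the flow is translated and 'deny' means this rule leaves it alone."""
    for action, src_spec, dst_spec in rules:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed flows: a LAN host to a VPN pool address and to an outside host.
    for src, dst in [("192.168.254.1", "172.16.1.5"), ("192.168.254.1", "198.51.100.7")]:
        for name, acl in (("as posted", ACL_110), ("subnet form", ACL_SUBNET)):
            print(f"{src} -> {dst} [{name}]: {evaluate(parse_acl(acl), src, dst)}")
```

With the list as posted, only a packet whose source is literally 192.168.254.0 hits the deny entry; every other LAN source going to 172.16.x.x falls through to the permit entry.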