I am setting up a new Cisco 1921 and am trying to get the VPN running. I can connect via Cisco's client, but I cannot communicate at all with the remote network (no ping, RDP, or anything). My config is below. Could someone please help me out with this? I am new to Cisco routers, so forgive me if it is something blatantly obvious.
! Global service settings, hostname and privileged-mode (enable) credentials.
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, the "enable password" below is
! kept in the config in cleartext. Turning the service on only applies the
! reversible type 7 encoding, so it is no replacement for "secret" hashes.
no service password-encryption
!
hostname ITL-Router1
!
boot-start-marker
warm-reboot
boot-end-marker
!
! Hashed enable credential (type 5); the value was redacted by the poster.
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxx
! NOTE(review): when an enable secret is configured it takes precedence, so
! this line is normally unused and only leaves a privileged password in the
! config in a weaker form. Consider removing it with "no enable password".
enable password xxxxxxxxxx
!
! AAA: every method list here points at the router's local user database.
aaa new-model
!
! Default login list; lines with no explicit list (console, aux, vty) use it.
aaa authentication login default local
! Named list that the crypto map references for VPN user authentication.
aaa authentication login userauthen local
aaa authorization exec default local
! Named list that the crypto map references for VPN group authorization.
aaa authorization network groupauthor local
!
aaa session-id common
!
! Forwarding options, the LAN DHCP scope and the domain name.
no ipv6 cef
! NOTE(review): this keeps IP source-route option processing enabled.
! Hardening guidance generally disables it ("no ip source-route") unless a
! specific application depends on it.
ip source-route
ip cef
!
! The two exclusions leave 192.168.1.210-192.168.1.230 available for leases.
ip dhcp excluded-address 192.168.1.1 192.168.1.209
ip dhcp excluded-address 192.168.1.231 192.168.1.254
!
ip dhcp pool ITL-pool
network 192.168.1.0 255.255.255.0
! LAN clients are handed the router's inside address as their gateway.
default-router 192.168.1.1
dns-server 64.89.70.2 64.89.74.2
!
ip domain name itl-llc.com
!
! Local user database used by every AAA method list in this config.
multilink bundle-name authenticated
!
! Privilege-15 administrative account; hash redacted by the poster.
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
! Account for VPN user authentication.
! NOTE(review): the default login list is also "local", so this account
! appears to be accepted for SSH login to the router as well - confirm, and
! keep VPN users out of device management if that is not intended.
username vpn secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
redundancy
!
! Remote-access IPsec VPN: IKE policy, client group, transform set and maps.
! NOTE(review): 3DES, DH group 2 (1024-bit) and, below, MD5 HMAC are legacy
! choices. Where the VPN client and this IOS image both support them, prefer
! AES, a SHA-based HMAC and a larger DH group.
crypto isakmp policy 3
encr 3des
authentication pre-share
! No hash is set here, so the platform default applies (presumably SHA-1;
! check with "show crypto isakmp policy").
group 2
!
! Group policy pushed to clients that connect as group "vpnclient".
crypto isakmp client configuration group vpnclient
! Group pre-shared key, redacted by the poster. Every client in the group
! shares it, so per-user access control rests on the "userauthen" login.
! NOTE(review): no type 6 key encryption ("password encryption aes") is
! shown, so this key is presumably stored in cleartext - confirm.
key xxxxxxxxxxxxxx
domain itl-llc.com
! Client addresses come from the local pool named "ippool".
pool ippool
! Split-tunnel list: only traffic matching access-list 101 uses the tunnel.
acl 101
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
! Dynamic map entry, since client peer addresses are not known in advance.
crypto dynamic-map dynmap 10
set transform-set myset
! Reverse route injection: installs a route for each connected client.
reverse-route
!
! Tie user authentication, group authorization and address assignment to
! the crypto map that is applied on the outside interface.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
! Inside LAN interface (NAT inside).
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
! Outside interface (NAT outside); address redacted by the poster.
! NOTE(review): no inbound "ip access-group" is shown on this interface, so
! the router's own services (SSH, HTTPS, SNMP, IKE) are limited only by
! their individual access classes - see access-list 23 and the SNMP line.
interface GigabitEthernet0/1
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
! VPN clients terminate on this interface.
crypto map clientmap
!
! VPN address pool, HTTPS management settings, NAT and the default route.
! Addresses handed to VPN clients (11 addresses).
ip local pool ippool 10.10.10.20 10.10.10.30
! NOTE(review): "ip default-gateway" only matters when IP routing is
! disabled; with the static default route below it looks redundant.
ip default-gateway xxx.xxx.xxx.xxx
ip forward-protocol nd
!
! Plain HTTP is off; HTTPS management is on with local authentication.
no ip http server
! NOTE(review): access-list 23 is "permit any", so this access class does
! not restrict which sources can reach the HTTPS server.
ip http access-class 23
ip http authentication local
ip http secure-server
! Connection limits: 60 s idle, 86400 s (24 h) lifetime, 10000 requests.
ip http timeout-policy idle 60 life 86400 requests 10000
!
! PAT for LAN traffic leaving via Gi0/1; route-map ITL-map-1 (access-list
! 100) decides which traffic is translated.
ip nat inside source route-map ITL-map-1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
! Access lists and the NAT route-map.
! NOTE(review): list 23 is applied to the vty lines and to the HTTPS server
! but permits every source, so it restricts nothing. Limit it to the
! networks that should manage the router, for example the inside LAN
! 192.168.1.0 0.0.0.255.
access-list 23 permit any
! List 100 (NAT selection): traffic from the LAN to the VPN pool range is
! denied, i.e. left untranslated; everything else is translated.
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 permit ip any any
! List 101 (split tunnel): LAN subnet to the VPN pool range.
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
!
no cdp run
!
route-map ITL-map-1 permit 1
match ip address 100
!
!
! SNMP and terminal lines.
! NOTE(review): "public" is the well-known default community string and no
! access list is attached, so any host that can reach the router can read
! its SNMP data. Remove SNMP if it is unused; otherwise use a unique
! community with an access list, or SNMPv3 with authentication and privacy.
snmp-server community public RO
!
control-plane
!
! Console and aux have no line-specific settings; under "aaa new-model" the
! default (local) login list applies.
line con 0
line aux 0
! Remote CLI access is SSH only.
! NOTE(review): access-class 23 is "permit any", so SSH is accepted from any
! source address. No "ip ssh version 2" is shown either; confirm SSHv1 is
! not being accepted.
line vty 0 4
access-class 23 in
transport input ssh
line vty 5 15
access-class 23 in
transport input ssh
!
! This listing repeats the configuration shown earlier in the post, line for
! line. The comments below mark only the security-relevant settings.
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password encryption is off; see "enable password" below.
no service password-encryption
!
hostname ITL-Router1
!
boot-start-marker
warm-reboot
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxx
! NOTE(review): normally unused once an enable secret exists, and stored in
! a weaker form; consider "no enable password".
enable password xxxxxxxxxx
!
aaa new-model
!
! All method lists use the local user database.
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization exec default local
aaa authorization network groupauthor local
!
aaa session-id common
!
no ipv6 cef
! NOTE(review): source-route option processing is left enabled; hardening
! guidance generally uses "no ip source-route".
ip source-route
ip cef
!
ip dhcp excluded-address 192.168.1.1 192.168.1.209
ip dhcp excluded-address 192.168.1.231 192.168.1.254
!
ip dhcp pool ITL-pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 64.89.70.2 64.89.74.2
!
ip domain name itl-llc.com
!
multilink bundle-name authenticated
!
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
! NOTE(review): the default login list is "local" too, so this VPN account
! appears to be valid for SSH login as well - confirm.
username vpn secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
redundancy
!
! NOTE(review): 3DES, DH group 2 and MD5 HMAC (transform set below) are
! legacy; prefer stronger options where client and IOS image support them.
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclient
! Group pre-shared key shared by all clients in the group; redacted.
key xxxxxxxxxxxxxx
domain itl-llc.com
pool ippool
! Split-tunnel list.
acl 101
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
! Inside LAN interface.
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
! Outside interface; no inbound "ip access-group" is shown here.
interface GigabitEthernet0/1
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map clientmap
!
ip local pool ippool 10.10.10.20 10.10.10.30
ip default-gateway xxx.xxx.xxx.xxx
ip forward-protocol nd
!
no ip http server
! NOTE(review): access-list 23 permits any source, so HTTPS management is
! not restricted by this access class.
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map ITL-map-1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
! NOTE(review): "permit any" makes list 23 ineffective as a management
! filter; restrict it to the networks that should manage the router.
access-list 23 permit any
! List 100: NAT exemption for LAN-to-VPN-pool traffic, translate the rest.
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 permit ip any any
! List 101: split-tunnel definition.
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
!
no cdp run
!
route-map ITL-map-1 permit 1
match ip address 100
!
!
! NOTE(review): default community string with no access list; remove SNMP
! if unused, or use a unique community with an ACL, or SNMPv3.
snmp-server community public RO
!
control-plane
!
line con 0
line aux 0
! SSH-only remote access, but access-class 23 accepts any source address.
line vty 0 4
access-class 23 in
transport input ssh
line vty 5 15
access-class 23 in
transport input ssh
!