This thing is driving me nuts!!!
I set up the router and a VPN connection from a remote user.
The VPN connects, but the remote user cannot see anything on the office LAN.
I can ping the router, but that's it.
The config is listed below:
Current configuration : 3070 bytes
!
! Global settings, AAA, and LAN DHCP for the office router (IOS 12.3).
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Type 7 obfuscation of stored passwords is off, so any password kept in the
! running/startup config is readable by anyone who sees the config. Type 7 is
! reversible anyway; hashed "secret" forms are the stronger option.
no service password-encryption
!
! Hostname was redacted by the poster.
hostname XXXX
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
! Login and exec authorization both use the router's local user database.
! No "username" lines appear in the paste - presumably removed before posting.
aaa authentication login default local
aaa authorization exec default local
! Named list used by the crypto map for VPN group (ISAKMP) authorization;
! group policy is looked up locally.
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
!
!
! With these two exclusions the LAN DHCP server only leases
! 172.16.0.101 - 172.16.0.150 out of 172.16.0.0/16.
ip dhcp excluded-address 172.16.0.1 172.16.0.100
ip dhcp excluded-address 172.16.0.151 172.16.255.254
!
ip dhcp pool sdm-pool1
import all
network 172.16.0.0 255.255.0.0
domain-name xxxx.xxx
dns-server 172.16.0.5 24.116.2.50
! LAN clients are told to use this router (Ethernet0) as their gateway.
default-router 172.16.0.1
!
!
ip domain name xxxx.xxx
ip name-server 172.16.0.5
ip name-server 24.116.2.50
ip ids po max-events 100
no ftp-server write-enable
!
!
!
!
!
! Remote-access IPsec VPN: IKE policy, client group, transform set, crypto map.
!
! IKE phase 1: 3DES, pre-shared key, DH group 2. No hash line is shown, so the
! IOS default applies - confirm with "show crypto isakmp policy".
! NOTE(review): 3DES and DH group 2 are legacy choices; move to AES and a
! larger DH group if both the image and the VPN clients support them.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
! Client group policy. The group key is a shared secret known to every client
! in the group; the poster redacted it here.
! max-users is 10, but pool SDM_POOL_1 (defined later in this config) holds only
! five addresses, so the pool is the effective limit.
! No "acl" is set in the group, so no split-tunnel list is pushed to clients.
! NOTE(review): no dns/wins/domain is pushed either - name-based access to LAN
! hosts would then depend on client-side settings; verify.
crypto isakmp client configuration group C1VPN
key xxxxxx
pool SDM_POOL_1
max-users 10
!
!
! IPsec phase 2: ESP with 3DES encryption and SHA HMAC integrity.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! reverse-route makes the router install a route toward each connected
! client's assigned address.
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
! User authentication for VPN clients uses the "default" login list (local
! users); group authorization uses sdm_vpn_group_ml_1; the router responds to
! client address requests.
crypto map SDM_CMAP_1 client authentication list default
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
! Interfaces: Ethernet0 is the office LAN (NAT inside), Ethernet1 is the
! cable WAN (NAT outside) and terminates the VPN.
interface Ethernet0
description $ETH-LAN$
ip address 172.16.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly
!
! WAN side: address learned by DHCP, crypto map applied here.
! NOTE(review): no "ip access-group" is applied to this interface in the posted
! config, so nothing shown here filters inbound Internet traffic to the
! router's own services (HTTP server, vty lines). An inbound ACL that permits
! only the needed VPN traffic plus return traffic is the usual control.
interface Ethernet1
description $ES_WAN$
ip address dhcp client-id Ethernet1 hostname CableOne
ip nat outside
ip virtual-reassembly
duplex auto
crypto map SDM_CMAP_1
!
interface Ethernet2
no ip address
shutdown
!
! FastEthernet1 is the only FastEthernet port not shut down.
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
! VPN address pool, HTTP management, and NAT policy.
!
! Five addresses for VPN clients, on a subnet separate from the 172.16.0.0/16 LAN.
ip local pool SDM_POOL_1 10.10.1.101 10.10.1.105
ip classless
!
! Management web server runs over plain HTTP; the HTTPS server is disabled.
! NOTE(review): credentials sent to this server cross the wire in cleartext,
! and no "ip http access-class" restricts who may connect. Prefer the secure
! server (if the image supports it) and restrict access to management hosts.
ip http server
no ip http secure-server
! PAT for LAN traffic leaving via Ethernet1, limited to what route-map
! SDM_RMAP_1 (ACL 100) permits.
ip nat inside source route-map SDM_RMAP_1 interface Ethernet1 overload
!
!
! ACL 100 = NAT selection. The deny lines exempt traffic destined for the five
! VPN pool addresses from NAT so LAN replies enter the tunnel untranslated;
! everything else sourced from 172.16.0.0/16 is translated.
! NOTE(review): NAT exemption for the pool is present here, so if clients still
! cannot reach LAN hosts, check the hosts' gateway and host firewalls and the
! counters in "show crypto ipsec sa" before changing this ACL.
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 10.10.1.101
access-list 100 deny ip any host 10.10.1.102
access-list 100 deny ip any host 10.10.1.103
access-list 100 deny ip any host 10.10.1.104
access-list 100 deny ip any host 10.10.1.105
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
!
! Console, aux, and remote terminal (vty) line settings.
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
! Remote management lines.
! NOTE(review): "transport input all" accepts Telnet, which carries logins in
! cleartext, and no "access-class" limits source addresses. Restricting input
! to SSH (once RSA keys exist on the router) and adding an access-class for
! management hosts is the usual hardening; verify access before saving so the
! change does not lock out the administrator.
line vty 0 4
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
Thanks,
DJ
I set up the router and a VPN connection from a remote user.
The VPN connects, but the remote user cannot see anything on the office LAN.
I can ping the router, but that's it.
The config is listed below:
Current configuration : 3070 bytes
!
! Global settings, AAA, and LAN DHCP for the office router (IOS 12.3).
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Type 7 obfuscation of stored passwords is off, so any password kept in the
! running/startup config is readable by anyone who sees the config. Type 7 is
! reversible anyway; hashed "secret" forms are the stronger option.
no service password-encryption
!
! Hostname was redacted by the poster.
hostname XXXX
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
! Login and exec authorization both use the router's local user database.
! No "username" lines appear in the paste - presumably removed before posting.
aaa authentication login default local
aaa authorization exec default local
! Named list used by the crypto map for VPN group (ISAKMP) authorization;
! group policy is looked up locally.
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
!
!
! With these two exclusions the LAN DHCP server only leases
! 172.16.0.101 - 172.16.0.150 out of 172.16.0.0/16.
ip dhcp excluded-address 172.16.0.1 172.16.0.100
ip dhcp excluded-address 172.16.0.151 172.16.255.254
!
ip dhcp pool sdm-pool1
import all
network 172.16.0.0 255.255.0.0
domain-name xxxx.xxx
dns-server 172.16.0.5 24.116.2.50
! LAN clients are told to use this router (Ethernet0) as their gateway.
default-router 172.16.0.1
!
!
ip domain name xxxx.xxx
ip name-server 172.16.0.5
ip name-server 24.116.2.50
ip ids po max-events 100
no ftp-server write-enable
!
!
!
!
!
! Remote-access IPsec VPN: IKE policy, client group, transform set, crypto map.
!
! IKE phase 1: 3DES, pre-shared key, DH group 2. No hash line is shown, so the
! IOS default applies - confirm with "show crypto isakmp policy".
! NOTE(review): 3DES and DH group 2 are legacy choices; move to AES and a
! larger DH group if both the image and the VPN clients support them.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
! Client group policy. The group key is a shared secret known to every client
! in the group; the poster redacted it here.
! max-users is 10, but pool SDM_POOL_1 (defined later in this config) holds only
! five addresses, so the pool is the effective limit.
! No "acl" is set in the group, so no split-tunnel list is pushed to clients.
! NOTE(review): no dns/wins/domain is pushed either - name-based access to LAN
! hosts would then depend on client-side settings; verify.
crypto isakmp client configuration group C1VPN
key xxxxxx
pool SDM_POOL_1
max-users 10
!
!
! IPsec phase 2: ESP with 3DES encryption and SHA HMAC integrity.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! reverse-route makes the router install a route toward each connected
! client's assigned address.
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
! User authentication for VPN clients uses the "default" login list (local
! users); group authorization uses sdm_vpn_group_ml_1; the router responds to
! client address requests.
crypto map SDM_CMAP_1 client authentication list default
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
! Interfaces: Ethernet0 is the office LAN (NAT inside), Ethernet1 is the
! cable WAN (NAT outside) and terminates the VPN.
interface Ethernet0
description $ETH-LAN$
ip address 172.16.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly
!
! WAN side: address learned by DHCP, crypto map applied here.
! NOTE(review): no "ip access-group" is applied to this interface in the posted
! config, so nothing shown here filters inbound Internet traffic to the
! router's own services (HTTP server, vty lines). An inbound ACL that permits
! only the needed VPN traffic plus return traffic is the usual control.
interface Ethernet1
description $ES_WAN$
ip address dhcp client-id Ethernet1 hostname CableOne
ip nat outside
ip virtual-reassembly
duplex auto
crypto map SDM_CMAP_1
!
interface Ethernet2
no ip address
shutdown
!
! FastEthernet1 is the only FastEthernet port not shut down.
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
! VPN address pool, HTTP management, and NAT policy.
!
! Five addresses for VPN clients, on a subnet separate from the 172.16.0.0/16 LAN.
ip local pool SDM_POOL_1 10.10.1.101 10.10.1.105
ip classless
!
! Management web server runs over plain HTTP; the HTTPS server is disabled.
! NOTE(review): credentials sent to this server cross the wire in cleartext,
! and no "ip http access-class" restricts who may connect. Prefer the secure
! server (if the image supports it) and restrict access to management hosts.
ip http server
no ip http secure-server
! PAT for LAN traffic leaving via Ethernet1, limited to what route-map
! SDM_RMAP_1 (ACL 100) permits.
ip nat inside source route-map SDM_RMAP_1 interface Ethernet1 overload
!
!
! ACL 100 = NAT selection. The deny lines exempt traffic destined for the five
! VPN pool addresses from NAT so LAN replies enter the tunnel untranslated;
! everything else sourced from 172.16.0.0/16 is translated.
! NOTE(review): NAT exemption for the pool is present here, so if clients still
! cannot reach LAN hosts, check the hosts' gateway and host firewalls and the
! counters in "show crypto ipsec sa" before changing this ACL.
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 10.10.1.101
access-list 100 deny ip any host 10.10.1.102
access-list 100 deny ip any host 10.10.1.103
access-list 100 deny ip any host 10.10.1.104
access-list 100 deny ip any host 10.10.1.105
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
!
! Console, aux, and remote terminal (vty) line settings.
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
! Remote management lines.
! NOTE(review): "transport input all" accepts Telnet, which carries logins in
! cleartext, and no "access-class" limits source addresses. Restricting input
! to SSH (once RSA keys exist on the router) and adding an access-class for
! management hosts is the usual hardening; verify access before saving so the
! change does not lock out the administrator.
line vty 0 4
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
Thanks,
DJ