technicaluser4
Technical User
Hi,
I am trying to set up Cisco Easy VPN Server. I managed to go through the SDM wizard and finished it.
FastEthernet0 is my internet connection receiving incoming VPN connections.
I managed to set up Cisco VPN client 5.0.
The connection is established and I can ping the vlan1 interface of the router, but I cannot access any other machine on the LAN.
I have unnumbered the virtual interface with VLAN1. Is this the right way?
I believe it must be either a route problem or an access-list problem, but I cannot figure out what is wrong. I tried everything!
Any help? Thanks!!
Configuration:
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2016299323
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2016299323
 revocation-check none
 rsakeypair TP-self-signed-2016299323
!
!
crypto pki certificate chain TP-self-signed-2016299323
 certificate self-signed 01
  A6549855 DA847E67 76C3C51C 9682774F 1A6C1AC5 1FEB0148 A7B9DA92 F78CDDEA 2538
  quit
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip name-server 82.15.46.122
no ipv6 cef
!
multilink bundle-name authenticated
!
!
username user1 privilege 15 secret 5 $1$Q5xI$ZQasfNi59JjrtarDHxhyMQTasdadasEvJ6o.
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group group-vpn
 key Passw0rd
 pool SDM_POOL_1
 max-users 10
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
 match identity group group-vpn
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_1
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set security-association idle-time 3600
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Multilink1
 no ip address
 ppp multilink
 ppp multilink group 1
!
interface Dot11Radio0
 no ip address
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio1
 no ip address
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
!
interface FastEthernet0
 ip address 191.24.15.46 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 10.1.1.10 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
 ip unnumbered Vlan1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $ES_LAN$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map LAN
!
interface Async1
 no ip address
 encapsulation slip
!
ip local pool SDM_POOL_1 10.10.10.150 10.10.10.160
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source route-map NAT_LAN interface FastEthernet0 overload
ip nat inside source route-map NAT_LAN2 interface FastEthernet1 overload
!
logging 10.0.0.1
access-list 20 permit 10.10.10.10
!
!
!
route-map LAN permit 10
 match ip address 20
 set ip next-hop 191.24.15.45
 set interface FastEthernet0
!
route-map NAT_LAN permit 10
 match interface FastEthernet0
!
route-map NAT_LAN2 permit 10
 match interface FastEthernet1
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet
!
end
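
An added example (not part of the original post, and not Cisco tooling): a Python check that reads an IOS config like the one above and reports two conditions worth ruling out when VPN clients reach the router but not LAN hosts, plus the telnet and 3DES settings. The name `audit`, the finding strings and the trimmed `SAMPLE` excerpt are constructed for illustration; the two conditions are a client pool inside a connected subnet (LAN hosts then ARP for client addresses instead of using a route) and policy routing keyed on a source-only ACL (that host's replies to clients are diverted too).

```python
import ipaddress
import re

# Constructed sample: a trimmed excerpt of the configuration posted above.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
interface FastEthernet0
 ip address 191.24.15.46 255.255.255.240
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map LAN
ip local pool SDM_POOL_1 10.10.10.150 10.10.10.160
access-list 20 permit 10.10.10.10
route-map LAN permit 10
 match ip address 20
line vty 0 4
 transport input telnet
"""

WEAK = {  # line pattern -> finding
    r"transport input .*telnet": "vty accepts cleartext telnet",
    r"encr 3des": "IKE policy uses 3DES",
}

def audit(config):
    """Return a sorted list of findings for an IOS config (indented or flat)."""
    lines = [l.strip() for l in config.splitlines()]
    out = {msg for l in lines for pat, msg in WEAK.items() if re.match(pat, l)}
    nets = [ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            for l in lines if (m := re.match(r"ip address (\S+) (\S+)$", l))]
    for l in lines:
        if m := re.match(r"ip local pool (\S+) (\S+) (\S+)$", l):
            lo, hi = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
            out |= {f"pool {m[1]} lies inside connected subnet {n}"
                    for n in nets if lo in n or hi in n}
    # Policy routing keyed on a standard (source-only) ACL applies to every
    # packet from that source, including its replies to VPN clients.
    acl_of, rmap = {}, None
    for l in lines:
        if m := re.match(r"route-map (\S+) ", l):
            rmap = m[1]
        elif rmap and (m := re.match(r"match ip address (\d+)$", l)):
            if int(m[1]) < 100 or 1300 <= int(m[1]) < 2000:
                acl_of[rmap] = m[1]
    out |= {f"policy route-map {m[1]} keys on source-only ACL {acl_of[m[1]]}"
            for l in lines
            if (m := re.match(r"ip policy route-map (\S+)$", l)) and m[1] in acl_of}
    return sorted(out)
```
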