Help with VLANS & VPN Access 2

Status
Not open for further replies.

captnops

IS-IT--Management
Feb 12, 2003
141
The folks at the Cisco switches forum were able to help me get our VLANs set up properly, so I am hopeful that you folks can help with the routing portion.

I have a 2811 ISR that is my edge router and also hosts Cisco's Easy VPN server. I set up a pool of addresses for VPN clients that are off network. Right now our network is a single subnet 10.x.x.x and I have NAT'd the pool of VPN addresses to allow access to the internal LAN.

What changes to the router do I need to make to allow VPN clients access to the internal VLANs?

Thanks for the help

 
You must enjoy it because this wasn't easy. I did too, but I am not so sure now!!!! ;-)
 
Here is the final config. This router is basically just acting as a VPN appliance.


Current configuration : 3836 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
no logging console
enable secret 5 **************
enable password 7 ************
!
no aaa new-model
no network-clock-participate wic 0
!
dot11 syslog
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip cef
!
!
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 6 ********** address 206.17.98.20
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ********* esp-3des esp-sha-hmac
!
crypto map HEDI 10 ipsec-isakmp
 set peer 206.x.x.x
 set transform-set ********
 match address 100
!
!
!
controller T1 0/0/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
interface FastEthernet0/0
 ip address 10.10.10.X 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex full
 speed 100
!
interface Serial0/0/0:0
 description QWEST INTERNET CIRCUIT ID# **************
 ip address 208.47.200.XXX 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 crypto map HEDI
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 208.47.200.XXX
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Serial0/0/0:0 overload
ip nat inside source static 10.10.0.0 208.47.200.XXX extendable
!
access-list 100 permit ip any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password 7 *****************
 login
!
scheduler allocate 20000 1000
end
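
Several settings in the config posted above can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit that flags 3DES and DH group 2 in the IKE policy, type 7 passwords, and one any-to-any ACL serving both NAT and the crypto map. The function name audit and the sample text (masked values replaced by the placeholder MASKED) are assumptions constructed for the illustration.

```python
import re

# Constructed sample: security-relevant lines of the config posted above,
# with masked values replaced by the placeholder MASKED.
SAMPLE = """\
enable password 7 MASKED
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto map HEDI 10 ipsec-isakmp
 match address 100
ip nat inside source list 100 interface Serial0/0/0:0 overload
access-list 100 permit ip any any
line vty 0 4
 password 7 MASKED
 login
"""

def audit(config):
    """Return sorted finding strings for an IOS running-config (hypothetical helper)."""
    findings, crypto_acls, nat_acls, open_acls = set(), set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose indentation, so match stripped lines
        if re.match(r"(encr|encryption) (des|3des)$", line):
            findings.add("IKE policy uses DES/3DES")
        elif re.match(r"group [12]$", line):
            findings.add("IKE policy uses DH group 1 or 2")
        elif re.search(r"(^| )password 7 ", line):
            findings.add("type 7 password (reversible encoding)")
        elif m := re.match(r"match address (\S+)$", line):
            crypto_acls.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            nat_acls.add(m.group(1))
        elif m := re.match(r"access-list (\d+) permit ip any any$", line):
            open_acls.add(m.group(1))
    # Cross-reference: which ACLs select traffic for encryption, and how broad are they?
    for acl in sorted(crypto_acls & open_acls):
        findings.add(f"crypto ACL {acl} is 'permit ip any any'")
    for acl in sorted(crypto_acls & nat_acls):
        findings.add(f"ACL {acl} is shared by NAT and the crypto map")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A crypto ACL of `permit ip any any` selects all outbound traffic on the interface for the tunnel, which is why the cross-reference between `match address` and the NAT list is worth checking separately from the cipher settings.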

 