How can I gain remote console access to my 2801? 3

[Deepseadata]

I am setting up my lab at a customer site but I need to fly back to my office soon. I need to configure the router remotely from my office.

The problem is I need to put the cisco 2801 behind a stupid netgear router. I don't have admin access to the netgear either. I only know its IP address and the DNS address it served my notebook VIA dhcp.

What can I do to get through the Netgear and into the 2801 from my office back home without doing anything to the Netgear box?

I only have 2 more days to figure it out.

 

[burtsbees]

I will look at it in a few...SDM, eh? Cheater...lol

Burt

 

[burtsbees]

Change the NAT and post the config.

Burt

 

[Deepseadata]

Yeah I was shocked to see the ISP using SDM! I took a poke at him.. haha!

The good news is that everything works.

I changed the local pool from the outside 10.20.46.200 to an inside address of 192.168.254.160 - 170.

Whammo! I'm in and rockin around my LAN. I can get to everything!

Once again, Burt has come through.

I owe you a box of stars.

I'm not out of the woods yet. Now I have to give my VPN Client QoS so that it gets all of the bandwidth while I'm doing remote maint.

How do I close a thread?

And I think it's only fair I post the working config.. That's what we all come for right?

aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.20.46.1 10.20.46.30
!
ip dhcp pool St_LAN
network 10.20.46.0 255.255.255.0
default-router 10.20.46.1
dns-server 158.152.1.58 158.152.1.43
!
!
ip domain name happythingswork.net
ip name-server
ip name-server
!
!
voice-card 0
!
!
voice call carrier capacity active
voice rtp send-recv
voice dsp release early
!
voice service voip
fax protocol t38 nse force ls-redundancy 0 hs-redundancy 0 fallback cisco
!
!
!
crypto pki trustpoint TP-self-signed-3884018817
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3884018817
revocation-check none
rsakeypair TP-self-signed-3884018817
!
!
crypto pki certificate chain TP-self-signed-3884018817
certificate self-signed 0D

quit
fax interface-type fax-mail
archive
log config
hidekeys
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group happygroup
key wicked
pool SDM_POOL_1
include-local-lan
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group happygroup
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
interface Loopback0
ip address 192.25.55.34 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
description Starboard Stratos VSAT$FW_OUTSIDE$
ip address 10.20.46.20 255.255.255.0
ip nat outside
ip virtual-reassembly
no ip mroute-cache
speed 100
full-duplex
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.49.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router eigrp 1
network 192.168.0.0
network 192.168.49.0
auto-summary
!
ip local pool SDM_POOL_1 192.168.254.160 192.168.254.170
ip default-gateway 10.20.46.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.20.46.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool MADNATPOOL 10.20.46.20 10.20.46.20 netmask 255.255.255.0
ip nat inside source list 1 pool MADNATPOOL overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
!
!
!
control-plane
!
!
!
voice-port 0/2/0
echo-cancel coverage 32
no comfort-noise
cptone GB
timeouts interdigit 3
music-threshold -70
!
voice-port 0/2/1
echo-cancel coverage 32
no comfort-noise
cptone GB
timeouts interdigit 3
music-threshold -70
!
ccm-manager mgcp
!
mgcp
mgcp call-agent 10.129.48.11 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode nse
mgcp codec g729r8 packetization-period 60
mgcp playout adaptive 100 50 200
mgcp playout fax 500
no mgcp timer receive-rtcp
mgcp timer net-cont-test 1000
mgcp timer nse-response t38 1000
mgcp sdp simple
no mgcp fax t38 ecm
mgcp fax t38 nsf 000000
!
mgcp profile default
!
!
dial-peer cor custom
!
!
!
dial-peer voice 1 pots
service mgcpapp
port 0/2/0
!
dial-peer voice 2 pots
service mgcpapp
port 0/2/1
!
gateway
timer receive-rtp 1200
!
!
!
call-manager-fallback
max-conferences 4 gain -6
ip source-address 10.20.46.20 port 2000
max-ephones 24
max-dn 24


Have a nice day.

 

[Deepseadata]

CRAP!!!!!!!!!

My voice stopped working because of:

Loopback0
ip address 192.25.55.34 255.255.255.255


I just don't know enough about this VPN setup to know any way around using that. I can see some of my config is pointed at it.

Looking at how my VPN is setup, does it look like the traditional cisco's recommended setup would work?

I'm really up against the wall now.