Octothorpe1
Technical User
I have a Cisco 2611 router that I would like to be able to connect to using an IPsec/UDP VPN. I can get the VPN to connect, but no traffic passes through the VPN (I can't even ping the router). My setup is:
internet(eth0/0)192.168.0.1 >> Cisco 2611 providing NAT to 1.0 network >> 192.168.1.0/24 (eth0/1)
This is currently a lab environment, but once I get everything working I will connect eth0/0 to my ISP.
NAT is enabled, so this lab situation is exactly as it will be once I am connected to my ISP.
What I want is to be able to set up an IPsec VPN over UDP to give me access to the hosts in the 192.168.1.0 network. My VPN client of course resides on the 192.168.0.0 network in this lab situation, and will be on the internet once the router is connected to my ISP.
I know I'm probably missing something simple, but any help would be greatly appreciated. My config is below.
Code:
!
! Last configuration change at 12:43:37 MST Sat Mar 10 2007
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname C2611
!
boot-start-marker
boot-end-marker
!
enable secret **********
!
clock timezone MST -7
clock summer-time MDT recurring
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool 192.168.1.x
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
lease 0 1
!
ip audit po max-events 100
!
!
username test secret 0 test
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 3000client
key test123
dns 192.168.1.1
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0/0
description connected to Internet
mac-address 000f.66cb.8f73
ip address dhcp
ip access-group 100 in
ip nat outside
half-duplex
crypto map clientmap
!
interface Ethernet0/1
description connected to LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
half-duplex
!
ip local pool ippool 192.168.1.210 192.168.1.219
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip dns server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.0.0.0 0.0.0.255 any log
access-list 100 deny ip 172.0.0.0 0.255.255.255 any log
access-list 100 deny ip 224.0.0.0 31.255.255.255 any log
access-list 100 deny ip host 0.0.0.0 any log
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 permit ip any any
!
!
line con 0
exec-timeout 3 0
speed 115200
line aux 0
exec-timeout 3 0
line vty 0 4
exec-timeout 0 0
!
ntp clock-period 17208633
ntp server 132.163.4.103 prefer
!
end
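
Added example, not part of the original post: a small Python check of how IOS evaluates the source wildcard masks in the posted access-list 100 (top-down, first match wins, wildcard bits set to 1 are ignored). The sample source addresses, such as a lab client at 192.168.0.50, are constructed for illustration.

```python
import ipaddress

# access-list 100 exactly as posted above; only the source field is evaluated (destination is "any").
ACL_100 = """\
access-list 100 permit ip 192.0.0.0 0.0.0.255 any log
access-list 100 deny ip 172.0.0.0 0.255.255.255 any log
access-list 100 deny ip 224.0.0.0 31.255.255.255 any log
access-list 100 deny ip host 0.0.0.0 any log
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Return [(action, masked_base, care_mask, line)]; care_mask is the inverted wildcard."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[:2] != ["access-list", "100"] or tok[3] != "ip":
            continue
        src = tok[4:]
        if src[0] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":
            base, wild = _ip(src[1]), 0
        else:
            base, wild = _ip(src[0]), _ip(src[1])
        care = ~wild & 0xFFFFFFFF
        entries.append((tok[2], base & care, care, line))
    return entries

def first_match(entries, source):
    """Return (1-based entry number, action) of the first entry matching the source address."""
    addr = _ip(source)
    for index, (action, base, care, _line) in enumerate(entries, start=1):
        if addr & care == base:
            return index, action
    return None, "deny"  # implicit deny at the end of every ACL

def shadowed(entries):
    """1-based numbers of entries whose whole source range an earlier entry already covers."""
    return [j + 1 for j, (_, bj, cj, _) in enumerate(entries)
            if any(ci & ~cj == 0 and bj & ci == bi for _, bi, ci, _ in entries[:j])]

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    for src in ("192.168.0.50", "192.0.0.5", "172.16.1.1", "10.1.1.1"):  # constructed samples
        print(src, first_match(acl, src))
    print("shadowed entries:", shadowed(acl))
```

Run against the posted list, a 192.168.0.x source is matched only by the final `permit ip any any`, since the first entry covers 192.0.0.0 to 192.0.0.255. The `172.16.0.0 0.15.255.255` entry can never match because the earlier `172.0.0.0 0.255.255.255` entry already covers that range.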