Tunneling problem between remote sites

Clapp0528

IS-IT--Management
Apr 6, 2004
5
US
I'm not the most expert person on Cisco.

I have an issue. Remote sites are trying to tunnel into the router at the main site. I can telnet into the main router but for some reason none of the remote sites seem to be connecting to the main router. At a point in time they did work.


Here is the show config of the main router:






User Access Verification


AOandProuter#sh run
Building configuration...

Current configuration : 3621 bytes
!
version 12.2
no parser cache
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
enable secret 5 $1$U9A3$ayeK9WqP.prpgA6BEcFPL1
!
username router$$$$ password 7 0132100D481F071D751C

ip subnet-zero
ip domain name domain.com
ip name-server 63.175.222.5
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-
crypto isakmp key $$$$$$$ address 0.0.0.0 0.0.0.0 no-xauth
!
crypto isakmp client configuration group remoteuser
key ########
dns 192.168.1.10
wins 192.168.1.10
pool VPNPool
acl 130
!
!
crypto ipsec transform-set rtpset esp-3des esp-sha-hmac
crypto ipsec transform-set rtp2set esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set rtpset rtp2set
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client confi
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
description Internal Network
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.10.41
ip nat inside
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
description Internet Connection
ip address 63.175.74.1xx 255.255.255.0
ip nat outside
no cdp enable
crypto map clientmap
!
ip local pool VPNPool 192.168.10.40 192.168.10.45
ip nat pool OutSidePool 63.175.74.1xx 63.175.74.1xx netmask 255.255.255.
ip nat pool TermPool 63.175.74.1xx 63.175.74.1xx netmask 255.255.255.0
ip nat inside source static tcp 192.168.1.254 22 interface Ethernet1 22
ip nat inside source route-map nonat pool OutSidePool overload
ip classless
ip route 0.0.0.0 0.0.0.0 63.175.74.1
ip route 192.168.10.0 255.255.255.0 Ethernet1
no ip http server
!
!
logging facility local6
logging 192.168.1.5
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 permit ip 192.168.0.0 0.0.255.255 192.168.10.0 0.0.0.255
no cdp run
route-map nonat permit 10
match ip address 101
!
banner motd ^C


All the IP addresses that end with 1xx are the same.

 