Unable to Access Anyconnect Gateway Page

Status
Not open for further replies.

steveredman

IS-IT--Management
Jun 16, 2008
20
GB
Hello,

I've been trying to set up Anyconnect on my 1801 router and have gone through all the relevant steps and it should now be working, except for the fact that the gateway webpage will not load if accessed from the public side of the router.

I have an entry in the inbound ACL on my dialer zero to allow traffic to get to TCP port 443 of my router's external IP.

The IP/port in question is not mapped to any internal resources.

If I enter the IP/port into my browser (using the https:// prefix) from the private side of the router it loads the page, but the same address from the public side gives nothing.

Any advice would be muchly appreciated.

Regards,

Stephen
 
ip http secure-server
ip http authen local

Please post a sh run...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Thanks for the response:-

!This is the running config of the router: 10.0.0.254
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco1801
!
boot-start-marker
boot system flash:c180x-advipservicesk9-mz.124-22.T.bin
boot system flash:c180x-advipservicesk9-mz.124-9.T7.bin
boot system flash:c180x-advipservicesk9-mz.124-6.T11.bin
boot system flash:c180x-advipservicesk9-mz.124-15.T7.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
no logging buffered
logging console critical
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnxauth1 local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network vpngroup1 local
!
!
aaa session-id common
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1250892470
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1250892470
revocation-check none
rsakeypair TP-self-signed-1250892470
!
crypto pki trustpoint eluksvrdcs0001.eldontool.local
enrollment terminal
serial-number none
fqdn vpn.eldontool.co.uk
ip-address none
password
subject-name O=Eldon Tool and Engineering Limited, OU=IT, CN=vpn.eldontool.co.uk, C=UK, ST=South Yorkshire, E=info@eldotool.co.uk
revocation-check crl
rsakeypair CP-RSAKey-1262600257543
!
!
crypto pki certificate chain TP-self-signed-1250892470
certificate self-signed 01
quit
crypto pki certificate chain eluksvrdcs0001.eldontool.local
certificate 18E8A931000000000014
quit
certificate ca 1009A1208D1A16A144DA91BF5FD49AF8
quit
dot11 syslog
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 91.84.144.137
!
ip dhcp pool DMZ
import all
network 91.84.144.136 255.255.255.252
dns-server 212.104.130.9 212.104.130.65
default-router 91.84.144.137
!
!
ip cef
no ip bootp server
ip domain name eldontool.local
ip name-server 10.0.0.2
ip name-server 10.1.0.1
ip ips notify SDEE
ip inspect log drop-pkt
ip inspect dns-timeout 30
ip inspect tcp finwait-time 30
ip inspect tcp synwait-time 60
ip inspect name SDM_LOW appfw SDM_LOW
ip inspect name SDM_LOW http
ip inspect name SDM_LOW https
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username a* privilege 15 secret 5
username S* privilege 0 view SDM_Monitor secret 5
username A* privilege 0 view SDM_Monitor secret 5
username J* privilege 0 view SDM_Monitor secret 5
username V* privilege 0 view SDM_Monitor secret 5
username I* privilege 0 view SDM_Monitor secret 5
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key t* address 194.73.125.66
!
crypto isakmp client configuration group DONVPN
key E*
dns 10.0.0.2 10.1.0.1
domain eldontool.local
pool VPNPOOL
acl 129
max-users 5
netmask 255.255.255.0
!
crypto isakmp client configuration group DONVEND
key E*
pool VENDPOOL
acl 128
max-users 1
max-logins 1
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group DONVPN
client authentication list vpnxauth1
isakmp authorization list vpngroup1
client configuration address respond
virtual-template 1
crypto isakmp profile sdm-ike-profile-2
match identity group DONVEND
client authentication list vpnxauth1
isakmp authorization list vpngroup1
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set A-TC esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
!
crypto ipsec profile DONVEND_Profile
set security-association idle-time 14400
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-2
!
crypto ipsec profile DONVPN_Profile
set security-association idle-time 14400
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
crypto map DialerVPN 10 ipsec-isakmp
description VPN Tunnel to TC
set peer 194.73.125.66
set security-association lifetime seconds 86400
set transform-set A-TC
match address 120
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description Gemini Wireless Bridge$FW_INSIDE$$ETH-LAN$
ip address 10.10.10.9 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
encapsulation hdlc
shutdown
!
interface FastEthernet1
description Gigabit Switch
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface ATM0
mtu 1500
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
crypto ipsec df-bit clear
!
interface ATM0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Virtual-PPP2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no cdp enable
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile DONVPN_Profile
!
interface Virtual-Template2 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile DONVEND_Profile
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 10.0.0.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
mtu 1492
bandwidth 845
bandwidth receive 10227
ip address 91.84.144.142 255.255.255.248
ip access-group 160 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname na322596@adsl.eclipse.co.uk
ppp chap password 7 094B4F0A0B1C1517060D0A7B
crypto map DialerVPN
crypto ipsec df-bit clear
!
interface Virtual-TokenRing2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ring-speed 16
!
ip local pool VPNPOOL 10.2.0.1 10.2.0.100
ip local pool VENDPOOL 10.2.0.101
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.0.0 255.255.255.0 Vlan1 permanent
ip route 10.1.0.0 255.255.255.0 10.10.10.12 permanent
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-top-talkers
top 20
sort-by bytes
cache-timeout 10000
!
ip nat inside source route-map NONAT interface Dialer0 overload
ip nat inside source static tcp 10.0.0.6 443 91.84.144.141 443 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.6 25 91.84.144.142 25 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.28 33 91.84.144.142 33 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.28 40 91.84.144.142 40 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.3 80 91.84.144.142 80 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.6 2525 91.84.144.142 2525 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.200 5900 91.84.144.142 5900 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.201 5900 91.84.144.142 5901 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.202 5900 91.84.144.142 5902 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.1 56912 91.84.144.142 56912 route-map RMAP_1 extendable
ip nat inside source static udp 10.0.0.1 56912 91.84.144.142 56912 route-map RMAP_1 extendable
!
ip access-list extended sdm_vlan1_in
remark SDM_ACL Category=1
deny ip any 91.84.144.136 0.0.0.3
ip access-list extended sdm_vlan6_in
remark SDM_ACL Category=1
deny ip any 10.0.0.0 0.255.255.255
!
logging trap debugging
logging 10.0.0.2
access-list 100 remark SDM_ACL Category=18
access-list 100 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 10.1.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 10.2.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 100 deny ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 100 permit ip any any
access-list 120 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 121 deny ip any 192.168.1.0 0.0.0.255
access-list 121 deny ip any 10.2.0.0 0.0.0.255
access-list 128 remark SDM_ACL Category=20
access-list 128 permit ip host 10.0.0.28 10.2.0.0 0.0.0.255
access-list 129 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 129 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 129 permit ip 10.10.10.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 129 permit ip 192.168.1.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 160 remark CCP_ACL Category=17
access-list 160 remark SDM_ACL Category=17
access-list 160 permit ahp host 194.73.125.66 host 91.84.144.142
access-list 160 permit esp host 194.73.125.66 host 91.84.144.142
access-list 160 permit udp host 194.73.125.66 host 91.84.144.142 eq isakmp
access-list 160 permit udp host 194.73.125.66 host 91.84.144.142 eq non500-isakmp
access-list 160 permit tcp any host 91.84.144.142 eq 33
access-list 160 permit tcp any host 91.84.144.142 eq 40
access-list 160 permit tcp any host 91.84.144.142 eq 2525
access-list 160 permit tcp any host 91.84.144.142 eq smtp
access-list 160 permit tcp any host 91.84.144.142 eq www
access-list 160 permit udp any host 91.84.144.142 eq 56912
access-list 160 permit tcp any host 91.84.144.142 eq 56912
access-list 160 permit tcp host 195.137.112.228 host 91.84.144.142 range 5900 5902
access-list 160 permit ip 10.2.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 160 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 160 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 160 permit tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 eq smtp
access-list 160 permit ahp any host 91.84.144.142
access-list 160 permit esp any host 91.84.144.142
access-list 160 permit udp any host 91.84.144.142 eq isakmp
access-list 160 permit udp any host 91.84.144.142 eq non500-isakmp
access-list 160 permit icmp any 91.84.144.140 0.0.0.3
access-list 160 permit tcp any host 91.84.144.142 eq 4443
access-list 160 permit tcp any host 91.84.144.142 eq 443
access-list 160 permit tcp any host 91.84.144.141 eq 443
access-list 160 permit tcp any host 91.84.144.142 eq cmd
access-list 160 deny ip any any log
access-list 161 remark SDM_ACL Category=1
access-list 161 deny ip host 10.0.0.201 any log
access-list 161 deny ip host 10.0.0.202 any log
access-list 161 permit ip any any log
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
route-map NONAT permit 10
match ip address 100
!
route-map RMAP_1 permit 10
match ip address 121
!
!
!
!
control-plane
!
banner login ^CCCCCCCCCCCCCCCCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
parser view SDM_Monitor
secret 5 $1$2GFy$WIJmwvwdH8Zdn1pvzX.0p0
commands configure include end
commands configure include all interface
commands exec include dir all-filesystems
commands exec include dir
commands exec include all crypto ipsec client ezvpn
commands exec include crypto ipsec client
commands exec include crypto ipsec
commands exec include crypto
commands exec include all ping ip
commands exec include ping
commands exec include configure terminal
commands exec include configure
commands exec include all show
commands exec include all debug appfw
commands exec include debug
commands exec include all clear
!
scheduler interval 500
ntp update-calendar
ntp server 10.0.0.2 prefer
!
webvpn gateway ELDONGW
ip address 91.84.144.142 port 443
ssl trustpoint eluksvrdcs0001.eldontool.local
inservice
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
webvpn context ELDON
secondary-color white
title-color #669999
text-color black
ssl authenticate verify all
!
!
policy group policy_1
functions svc-enabled
svc address-pool "VPNPOOL"
svc default-domain "eldontool.local"
svc keep-client-installed
svc split dns "eldontool.local"
svc split dns "toolconnection.local"
svc dns-server primary 10.0.0.2
svc dns-server secondary 10.1.0.1
default-group-policy policy_1
aaa authentication list vpnxauth1
gateway ELDONGW
inservice
!
end


 
This seems to have something to do with this NAT rule:-

ip nat inside source route-map NONAT interface Dialer0 overload

If I take that rule off it works ok. Is there something I need to modify with this rule to make it work?

Thanks,

Stephen
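
A check for the statement in the first post that the IP/port is not mapped to any internal resource, as an added example that is not part of the thread: it cross-references the inbound permits in ACL 160 with the static NAT entries and lists the public ports left to terminate on the router itself. The function names are hypothetical, and the sample is a subset of lines copied from the config posted above.

```python
import re

# Subset of lines copied from the running config posted above.
CONFIG = """\
ip nat inside source static tcp 10.0.0.6 443 91.84.144.141 443 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.6 25 91.84.144.142 25 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.3 80 91.84.144.142 80 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.200 5900 91.84.144.142 5900 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.201 5900 91.84.144.142 5901 route-map RMAP_1 extendable
ip nat inside source static tcp 10.0.0.202 5900 91.84.144.142 5902 route-map RMAP_1 extendable
access-list 160 permit tcp any host 91.84.144.142 eq smtp
access-list 160 permit tcp any host 91.84.144.142 eq www
access-list 160 permit tcp host 195.137.112.228 host 91.84.144.142 range 5900 5902
access-list 160 permit udp any host 91.84.144.142 eq isakmp
access-list 160 permit udp any host 91.84.144.142 eq non500-isakmp
access-list 160 permit tcp any host 91.84.144.142 eq 4443
access-list 160 permit tcp any host 91.84.144.142 eq 443
access-list 160 permit tcp any host 91.84.144.141 eq 443
access-list 160 permit tcp any host 91.84.144.142 eq cmd
access-list 160 deny ip any any log
"""

# IOS port keywords that appear in ACL 160.
PORT_NAMES = {"smtp": 25, "www": 80, "cmd": 514, "isakmp": 500, "non500-isakmp": 4500}

STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
PERMIT = re.compile(r"^access-list (\d+) permit (tcp|udp) (?:any|host \S+) host (\S+) "
                    r"(?:eq (\S+)|range (\S+) (\S+))")


def port_num(token):
    """Resolve an IOS port keyword or a numeric string to an int."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def static_nat(config):
    """Map (proto, public_ip, public_port) -> (inside_ip, inside_port)."""
    table = {}
    for line in config.splitlines():
        m = STATIC.match(line.strip())
        if m:
            proto, in_ip, in_port, pub_ip, pub_port = m.groups()
            table[(proto, pub_ip, int(pub_port))] = (in_ip, int(in_port))
    return table


def inbound_permits(config, acl):
    """Yield (proto, public_ip, port) for every host/port permit in the ACL."""
    for line in config.splitlines():
        m = PERMIT.match(line.strip())
        if not m or m.group(1) != acl:
            continue
        _, proto, dst, eq, lo, hi = m.groups()
        ports = [port_num(eq)] if eq else range(port_num(lo), port_num(hi) + 1)
        for port in ports:
            yield proto, dst, port


def router_terminated(config, acl="160"):
    """Permitted public endpoints with no static NAT: the router answers them."""
    nat = static_nat(config)
    return sorted({key for key in inbound_permits(config, acl) if key not in nat})


if __name__ == "__main__":
    for proto, ip, port in router_terminated(CONFIG):
        print(f"{proto}/{port} on {ip} is permitted inbound and has no static NAT")
```

On this subset the result is TCP 443, 514 (`cmd`) and 4443 plus UDP 500 and 4500 on 91.84.144.142, while 91.84.144.141:443 is forwarded to 10.0.0.6.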
 