Dear Folks,
I configured VPN on my Cisco ISR 2811. Using the VPN client I can connect to the network, but I can't access any of my LAN resources. It's not pinging either.
Before configuring VPN I could connect to my router using Telnet. Now when I try to connect, after entering the user name and password, enable mode gives:
% Error in authentication.
Please give suggestions to resolve this issue. Thanks in advance. Please find the config below.
Username: admin
Password:
ROUTER1#sh run
Building configuration...
Current configuration : 4530 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER1
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
aaa new-model
!
!
aaa authentication login test local
aaa authorization network vpngroup local
!
aaa session-id common
!
ip cef
!
ip name-server X.X.X.X
ip name-server X.X.X.X
!
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 2
authentication pre-share
crypto isakmp policy 3
hash md5
authentication pre-share
crypto isakmp key XXXXXXX address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 20
crypto isakmp nat keepalive 20
crypto isakmp client configuration address-pool local abc
!
crypto isakmp client configuration group vpngroup
key XXXXXXX
pool abc
acl 110
save-password
!
crypto ipsec transform-set setA esp-des esp-md5-hmac
!
crypto dynamic-map mapA 1
set transform-set setA
!
!
crypto map mapA client authentication list test
crypto map mapA isakmp authorization list vpngroup
crypto map mapA client configuration address initiate
crypto map mapA client configuration address respond
crypto map mapA 1 ipsec-isakmp dynamic mapA
!
username admin privilege 15 secret 5 $1$3DJB$yqX5DdryifsV/6pcWQhfG/
username Router1o privilege 15 secret 5 $1$aZPP$uaETE1AMOQYV4zVST1wN.1
!
interface Loopback0
ip address 192.168.1.2 255.255.255.0
ip route-cache flow
!
interface FastEthernet0/0
description $FW_INSIDE$
ip address 10.10.150.12 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
ip route-cache flow
shutdown
no fair-queue
clock rate 2000000
!
interface ATM0/2/0
no ip address
ip route-cache flow
atm vc-per-vp 128
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
!
interface Dialer0
no ip address
ip route-cache flow
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1394
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp pap sent-username XXXX@XXXX.com password 0 XXXXX
crypto map mapA
!
ip local pool abc 192.168.250.1 192.168.250.254
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
no ip http secure-server
ip nat inside source list 150 interface Dialer1 overload
ip nat inside source static tcp 10.10.150.32 8086 interface Dialer1 80
ip nat inside source static tcp 10.10.150.8 7000 interface Dialer1 7000
ip nat inside source static tcp 10.10.150.17 21 interface Dialer1 21
ip nat inside source static tcp 10.10.150.32 443 interface Dialer1 5443
ip nat inside source static tcp 10.10.150.32 21 interface Dialer1 2101
ip nat inside source static tcp 10.10.150.88 21 interface Dialer1 2102
ip nat inside source static tcp 10.10.150.88 3007 interface Dialer1 3007
ip nat inside source static tcp 10.10.150.88 6600 interface Dialer1 6600
ip nat inside source static tcp 10.10.150.32 8181 interface Dialer1 8181
ip nat inside source static tcp 10.10.150.32 8085 interface Dialer1 8085
!
access-list 110 permit ip 192.168.250.0 0.0.0.255 10.10.150.0 0.0.0.255
access-list 150 permit ip 10.10.150.0 0.0.0.255 any
access-list 150 deny ip 10.10.150.0 0.0.0.255 192.168.250.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
password XXXXX
line aux 0
line vty 0 4
password XXXX
!
scheduler allocate 20000 1000
!
webvpn cef
!
end
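
A check on the ACLs in the config above, added here as an example and not part of the original post: IOS evaluates access-list entries top-down and stops at the first match, and access-list 150 selects the traffic for `ip nat inside source list 150 interface Dialer1 overload`, so entry order decides whether LAN replies toward the VPN pool 192.168.250.0/24 are translated. The function names are hypothetical, and the parser assumes numbered `ip` entries with contiguous wildcard masks only.

```python
import ipaddress
import re

# ACL lines copied from the posted running-config.
POSTED_ACLS = """\
access-list 110 permit ip 192.168.250.0 0.0.0.255 10.10.150.0 0.0.0.255
access-list 150 permit ip 10.10.150.0 0.0.0.255 any
access-list 150 deny ip 10.10.150.0 0.0.0.255 192.168.250.0 0.0.0.255
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def _take_net(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return an ip_network."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ip_network accepts a contiguous hostmask (Cisco wildcard) after the slash.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Return {acl_id: [(action, src, dst, raw_line), ...]} for 'ip' entries."""
    acls = {}
    for line in text.splitlines():
        m = re.match(r"\s*access-list (\d+) (permit|deny) ip (.+)", line)
        if not m:
            continue
        tokens = m.group(3).split()
        src = _take_net(tokens)
        dst = _take_net(tokens)
        acls.setdefault(m.group(1), []).append((m.group(2), src, dst, line.strip()))
    return acls

def shadowed_entries(text):
    """List (acl_id, unreachable_line, earlier_line) under first-match evaluation."""
    findings = []
    for acl_id, entries in parse_acl(text).items():
        for i, (_act, src, dst, raw) in enumerate(entries):
            for _e_act, e_src, e_dst, e_raw in entries[:i]:
                # An earlier entry covering both source and destination wins first.
                if src.subnet_of(e_src) and dst.subnet_of(e_dst):
                    findings.append((acl_id, raw, e_raw))
                    break
    return findings

if __name__ == "__main__":
    for acl_id, dead, earlier in shadowed_entries(POSTED_ACLS):
        print(f"ACL {acl_id}: '{dead}' never matches; covered by '{earlier}'")
```

On the posted ACLs this reports the `deny` entry of access-list 150 as unreachable, because the `permit ... any` entry above it already matches the same traffic.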