Prev: VPN ASA 5520 problem.
Next: Cannot apply ACL to fa0/5
From: Merv on 6 Jan 2008 11:35

Suggest you use a different address range for the VPN pool. Try using 172.16.1.x-y

From: p_teatreeoil on 6 Jan 2008 12:28

I'm assuming you can ping the public IP from outside and that you are able to telnet to your router through the Internet as well. Have you tried pinging with 1500-byte packets with the df bit set? Have you tried running any debugs?

From: jeroen.muskee on 8 Jan 2008 19:02

I have been trying various configs, but I do not seem to be able to get router access from a vpn client. I have found on the web the configuration below, seems that most configs are similar, but this one does not work on my c1760. I will post my current config tomorrow, just lost full config.

Rgds Jeroen

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption

hostname moepi-border

boot-start-marker
boot-end-marker

enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXX

no aaa new-model

resource policy

clock timezone Berlin 1
clock summer-time Berlin date Mar 27 2005 2:00 Oct 31 2005 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip cef

no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.0.51 172.16.0.254
ip dhcp excluded-address 172.16.0.1 172.16.0.9
ip dhcp ping timeout 100

ip dhcp pool Moepistation
 host 172.16.0.1 255.255.255.0
 client-identifier 0100.07e9.46b9.e7
 dns-server 172.16.0.254
 default-router 172.16.0.254
 lease infinite

ip dhcp pool Moepinet
 network 172.16.0.0 255.255.255.0
 default-router 172.16.0.254
 dns-server 172.16.0.254
 lease 2

ip domain name moepinet.local
no ip ips deny-action ips-interface
ip ddns update method dyndns
 HTTP
  add http://XXXXXXXXXXXXX@63.208.196.94/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 0 1 0 0

crypto pki trustpoint TP-self-signed-389617976
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-389617976
 revocation-check none
 rsakeypair TP-self-signed-389617976

crypto pki certificate chain TP-self-signed-389617976
 certificate self-signed 01 nvram:IOS-Self-Sig#3601.cer

username XXXXX password 7 XXXXXXXXXXXXXXXXXX

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2

crypto isakmp client configuration group moepiremote
 key XXXXXXXXXXXXXXXXXXX
 dns 172.16.0.254
 pool moepiremotepool
 include-local-lan
 netmask 255.255.255.0

crypto ipsec transform-set remoteset esp-3des esp-sha-hmac
crypto ipsec df-bit clear

crypto dynamic-map remotedyn 10
 set transform-set remoteset

crypto map remoteclient client authentication list ipsec
crypto map remoteclient isakmp authorization list ipsec
crypto map remoteclient client configuration address respond
crypto map remoteclient 10 ipsec-isakmp dynamic remotedyn

interface Loopback0
 description Router-ID
 ip address 192.168.255.128 255.255.255.255

interface Ethernet0
 description Verbindung zum DSL Modem
 bandwidth 10240
 no ip address
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 fair-queue
 no cdp enable

interface FastEthernet0
 description LAN-Interface
 bandwidth 102400
 ip address 172.16.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 fair-queue
 no cdp enable

interface Dialer0
 description TDSL-Dialer
 mtu 1492
 bandwidth 3072
 ip ddns update hostname moepinet.dyndns.org
 ip ddns update dyndns
 ip address negotiated previous
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 keepalive 60 1
 no fair-queue
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXXXXXXX
 ppp chap password 7 XXXXXXXXXXXXXX
 ppp ipcp dns request
 crypto map remoteclient

ip local pool moepiremotepool 172.16.200.1 172.16.200.2
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip dns server
no ip http server
no ip http secure-server
ip nat inside source list nat-permission interface Dialer0 overload
ip nat inside source static udp 172.16.0.1 4672 interface Dialer0 4672
ip nat inside source static tcp 172.16.0.1 4662 interface Dialer0 4662

ip access-list extended Telnet-Zugang
 permit tcp 172.16.0.0 0.0.0.255 any eq telnet
 permit tcp any any eq 22

ip access-list extended nat-permission
 deny ip 172.16.0.0 0.0.0.255 172.16.200.0 0.0.0.255
 permit ip 172.16.0.0 0.0.0.255 any
 deny ip 172.16.200.0 0.0.0.255 172.16.0.0 0.0.0.255
 permit ip 172.16.200.0 0.0.0.255 any

dialer-list 1 protocol ip permit
no cdp run

control-plane

line con 0
 password 7 XXXXXXXX
 logging synchronous
 login local
line aux 0
 password 7 XXXXXXXX
 logging synchronous
 login local
line vty 0 4
 access-class Telnet-Zugang in
 password 7 XXXXXXXX
 logging synchronous
 login local
 transport preferred ssh
 transport input telnet ssh

ntp clock-period 17179919
ntp peer 192.43.244.18